Openclaw User Data Pack
Security checks across malware telemetry and agentic risk
Overview
This appears to be a transparent local OpenClaw backup/restore skill, but its exports and restores can expose or overwrite sensitive persistent user data.
Install this only if you need to migrate or back up OpenClaw data. Always run dry-run, inspect EXPORT_MANIFEST.txt, keep the zip private, back up the destination before applying, and enable sessions or config only when you understand they may contain full transcripts or secrets.
VirusTotal
62/62 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Applying an export can replace existing workspace, memory, skill, or session files if paths collide.
The restore workflow can overwrite local files. This is disclosed and paired with dry-run, manifest review, and backup instructions, so it is a notable expected risk rather than suspicious behavior.
**Overwrite rule:** same path ⇒ destination file replaced. Same path ≠ same meaning. Only `openclaw.json` gets a `.bak.<timestamp>` when using `--apply-config`; **other paths are not auto-backed up.**
Run dry-run first, inspect EXPORT_MANIFEST.txt, back up the target, and do not apply over a live workspace until conflicts are resolved or you explicitly accept replacement.
A zip from this skill may reveal private memories or transcripts, and an untrusted restore package could alter future OpenClaw behavior through memory, persona, or skill files.
The skill intentionally packages and restores persistent agent context. That is core to migration, but it means an exported zip may contain private context and an imported zip can influence future agent behavior.
Assume the archive may hold sensitive material: persona, `MEMORY.md`, logs, workspace skills; with optional layers, session JSONL and `openclaw.json` (secrets, channels).
Keep exports private, do not upload them to public storage, and only apply zips from trusted sources after reviewing the manifest and relevant files.
If the config option is enabled, API keys, tokens, channels, or machine-specific paths in openclaw.json may be copied into the export and later restored.
The optional config snapshot can include secrets or tokens. The script requires an acknowledgement flag and SKILL.md warns users, so this is disclosed and purpose-aligned.
help="Include openclaw.json as config/openclaw.json (may contain secrets)"
Avoid config snapshot/apply unless necessary; prefer re-login on the new machine, and inspect or redact openclaw.json before sharing any export.
Installing dependencies can pull code from the package index, which may matter in locked-down or high-assurance environments.
The skill may install an unpinned Python dependency to parse JSON5 config files. This is a normal optional setup step for the stated purpose, but it leaves dependency resolution to the environment.
json5>=0.9.0
Install in a trusted Python environment, use your organization’s package mirror if applicable, or pin/verify json5 before running the scripts.
A dry-run may make a small filesystem change by creating the target workspace directory, although it does not appear to write restored archive contents.
This directory creation occurs before the later dry-run output path, so an apply dry-run with a new explicit workspace can still create that directory despite the documentation saying dry-run does not change disk.
if args.workspace is not None:
    ws = args.workspace.expanduser().resolve()
    ws.mkdir(parents=True, exist_ok=True)
Use an existing throwaway target for dry-runs, or update the script to delay creating the workspace directory until a non-dry-run apply.
