← Back to Skills Marketplace
zurbrick

Openclaw Backup

by Don Zurbrick · GitHub ↗ · v1.1.0 · MIT-0
cross-platform ⚠ suspicious
234
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install agent-backup
Description
Encrypted backup and restore for OpenClaw agents. Two-tier archives: operational data safe for cloud storage, secrets encrypted with age for local recovery....
README (SKILL.md)

🔐 Agent Backup

One command to backup. One command to restore. Everything encrypted, verified, and rollback-safe.

Quick Start

# Backup (operational only — safe for cloud)
bash {baseDir}/scripts/backup.sh

# Backup with encrypted secrets
bash {baseDir}/scripts/backup.sh --include-secrets --age-recipient age1...

# Verify
bash {baseDir}/scripts/verify.sh --manifest \x3Cpath>/manifest.json --archive \x3Cpath>/backup.tar.gz

# Restore (dry-run first)
bash {baseDir}/scripts/restore.sh --manifest \x3Cpath>/manifest.json --archive \x3Cpath>/backup.tar.gz --dry-run

# Restore for real
bash {baseDir}/scripts/restore.sh --manifest \x3Cpath>/manifest.json --archive \x3Cpath>/backup.tar.gz

# Push to GitHub (operational only, secrets blocked if unencrypted)
bash {baseDir}/scripts/push-to-github.sh --manifest \x3Cpath>/manifest.json --archive \x3Cpath>/backup.tar.gz

# Schedule daily 4 AM backups
bash {baseDir}/scripts/schedule.sh

Two-Tier Archive Model

Tier Contents Cloud safe? Encrypted?
Operational Workspace, redacted config, crons ✅ Yes No (no secrets)
Secrets .env, agent auth profiles ❌ Local only ✅ Required (age)

Default: operational only. Secrets are opt-in via --include-secrets.

Restore Safety

Restore uses a 7-step safety flow:

  1. Verify manifest checksums
  2. Extract to staging (not live directory)
  3. Verify critical files in staging
  4. Backup current state to .pre-restore-backup-TIMESTAMP
  5. Atomic swap
  6. Health check (pre-restart-check.sh if available)
  7. Auto-rollback on failure

Flags: --dry-run (preview only), --force (non-interactive)

Prerequisites

  • age for secrets encryption: brew install age or apt install age
  • gh for GitHub push (optional): brew install gh

Configuration

Set encryption via environment or flags:

# Environment
export AGE_RECIPIENT="age1your_public_key"
export AGE_PASSPHRASE_FILE="/path/to/passphrase"

# Or flags
bash {baseDir}/scripts/backup.sh --include-secrets --age-recipient age1...

Workflows

  • bash {baseDir}/scripts/weekly-verify.sh — verify all backup sets, prune by daily/weekly/monthly retention, and clean orphaned files.
  • bash {baseDir}/scripts/monthly-drill.sh — run a dry-run restore against the newest backup set and report pass/fail.
  • bash {baseDir}/scripts/pre-change-snapshot.sh — create a fast operational-only snapshot before config edits or gateway restarts.
  • .github/workflows/verify-backup.yml — GitHub Actions CI that builds a fixture backup, validates manifest checksums, extracts the archive, and checks critical files.

Reference Files

  • {baseDir}/references/restore-guide.md — full disaster recovery walkthrough
  • {baseDir}/references/what-to-backup.md — every file explained
  • {baseDir}/references/retention-policy.md — how long to keep backups
Usage Guidance
This package implements a reasonable backup/restore flow, but review and confirm a few things before installing: 1) Ensure required binaries are present: tar, python3, and the openclaw CLI; install age and gh only if you intend to use encrypted secrets or GitHub push. 2) Understand credential use: push-to-github uses your gh session (it will create/clone a private repo under your GitHub account) and secrets restoration uses age identities or passphrase files you provide — keep those keys/passphrases secure. 3) Test in dry-run mode first: run verify.sh and restore.sh --dry-run and run monthly-drill/monthly-verify in a test backup folder. 4) Be aware restore.sh replaces ~/.openclaw atomically and will move the pre-restore state to a timestamped .pre-restore-backup directory; schedule.sh will create/replace cron jobs via openclaw cron create. 5) Because the metadata omits required binaries/envs, treat the omission as a packaging oversight; if you need to install this, prefer a local code review and run scripts manually in a sandbox before giving them access to production credentials or enabling scheduled jobs.
Capability Analysis
Type: OpenClaw Skill Name: agent-backup Version: 1.1.0 The skill provides comprehensive backup and disaster recovery functionality, which inherently requires high-risk capabilities such as broad file system access (reading and writing to the agent's home directory), network access (pushing archives to GitHub via the 'gh' CLI), and persistence (creating cron jobs via 'openclaw cron'). While these actions are clearly aligned with the stated purpose and include significant security controls—such as mandatory 'age' encryption for secrets, automated redaction of sensitive keys in configuration files, and atomic restore operations with rollback—the presence of these powerful capabilities without a sandbox fits the criteria for a 'suspicious' classification. Key files involved include 'scripts/backup.sh' (redaction/archiving), 'scripts/push-to-github.sh' (external data transfer), and 'scripts/restore.sh' (system-level file replacement).
Capability Assessment
Purpose & Capability
The skill's stated purpose is an encrypted backup/restore for OpenClaw and the included scripts implement that. However the registry metadata claims no required binaries or env vars while the scripts unambiguously require tar, python3, and the openclaw CLI (schedule/restore), and optionally age and gh for secrets and GitHub pushes. Those runtime requirements are proportional to the stated purpose, but they are not declared in the skill metadata — an incoherence that could surprise operators.
Instruction Scope
SKILL.md and the scripts stay within the backup/restore domain: staging, checksums, optional secrets encryption with age, and pushing operational archives to a GitHub repo. The restore flow is destructive when run for real (it atomically swaps ~/.openclaw and saves a .pre-restore-backup) and scheduling creates OpenClaw cron jobs that will run these scripts. No instructions attempt to read or exfiltrate unrelated system files or unknown network endpoints beyond GitHub and the optional use of gh.
Install Mechanism
There is no external download/install step in the manifest (no network install), and all included code is local shell/python scripts. That lowers install risk. There is no 'extract-from-URL' or third-party package install specified by the registry metadata.
Credentials
The scripts expect and honor environment variables (AGE_RECIPIENT, AGE_PASSPHRASE_FILE, AGE_IDENTITY_FILE, OPENCLAW_DIR, BACKUP_DIR, CRON_*), and they use the user's gh authentication and the openclaw CLI. The registry declared no required envs or primary credential — this mismatch is a risk because the skill will act using the operator's local credentials (GitHub via gh, OpenClaw CLI context) and may read passphrase files if provided. Those accesses are explainable by the feature set, but they should be declared so operators know what credentials will be used.
Persistence & Privilege
always:false and user-invocable:true (defaults) — good. The skill does create cron jobs via the openclaw CLI (schedule.sh) which grants it persistence/recurrence on the host via OpenClaw's scheduling mechanism; this is expected for a backup tool but operators should be aware cron entries are created/replaced. The skill does not modify other skills' configs directly.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install agent-backup
  3. After installation, invoke the skill by name or use /agent-backup
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.0
v1.1.0: Added workflows — weekly-verify.sh (archive validation + retention pruning), monthly-drill.sh (automated restore dry-run), pre-change-snapshot.sh (quick snapshot before config changes), GitHub Actions CI for backup verification on push.
v1.0.1
v1.0.1: Improved documentation — scannable README with disaster recovery scenarios, security model table, setup guide, file reference. SKILL.md trimmed for AgentSkills spec.
v1.0.0
v1.0.0: Council-hardened backup/restore. Two-tier archives (operational + encrypted secrets), age encryption, manifest with SHA-256 checksums, atomic restore with staging/rollback, dry-run testing, GitHub push with secrets protection.
Metadata
Slug agent-backup
Version 1.1.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 3
Frequently Asked Questions

What is Openclaw Backup?

Encrypted backup and restore for OpenClaw agents. Two-tier archives: operational data safe for cloud storage, secrets encrypted with age for local recovery.... It is an AI Agent Skill for Claude Code / OpenClaw, with 234 downloads so far.

How do I install Openclaw Backup?

Run "/install agent-backup" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Openclaw Backup free?

Yes, Openclaw Backup is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Openclaw Backup support?

Openclaw Backup is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Openclaw Backup?

It is built and maintained by Don Zurbrick (@zurbrick); the current version is v1.1.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments