← Back to Skills Marketplace
danielglh

Claw Soul Backup

by Daniel · GitHub ↗ · v0.1.8
cross-platform ⚠ suspicious
440
Downloads
0
Stars
0
Active Installs
9
Versions
Install in OpenClaw
/install claw-soul-backup
Description
Store encrypted OpenClaw workspace backups and restore them via token-secured API using claw-vault.com with local encryption and credential management.
README (SKILL.md)

Claw Vault Backup

Use this skill to run encrypted workspace backups with Claw Vault.

Official Sources

Safety Rules

  • Ask the user for explicit confirmation before first upload.
  • Upload encrypted archives only (never raw workspace files).
  • Treat backup_id and api_token as secrets.
  • Do not print secrets in logs or chat output.
  • Store secrets only in a secure location approved by the user.

Workflow

1) Initial backup (one-time)

  1. Prepare encrypted archive locally.
  2. Upload with POST /backup.
  3. Save returned backup_id and api_token securely.

Example:

curl -sS -X POST "https://api.claw-vault.com/backup" \
  -F "[email protected];type=application/octet-stream"

2) Periodic auto-backup (daily override)

After the initial backup, run daily updates with PUT /backup/\x3Cbackup_id> using the same backup ID and API token.

Example:

curl -sS -X PUT "https://api.claw-vault.com/backup/$BACKUP_ID" \
  -H "X-API-Token: $API_TOKEN" \
  -F "[email protected];type=application/octet-stream"

3) Cron scheduling example

Create a local script that:

  1. Builds a fresh encrypted archive.
  2. Calls the PUT override endpoint.
  3. Exits non-zero on failure.

Run it daily (example: 03:00):

0 3 * * * /bin/bash /path/to/claw-vault-backup.sh >> /path/to/claw-vault-backup.log 2>&1

Agent Behavior

Usage Guidance
This skill is coherent with its purpose, but before installing: 1) Verify the legitimacy of https://www.claw-vault.com and its privacy/security practices; 2) Ensure you create and verify the local encryption process (encrypt locally before any upload) and test with non-sensitive data first; 3) Be prepared to provide and securely store the returned backup_id and api_token (the SKILL.md examples reference $BACKUP_ID and $API_TOKEN even though they aren't declared); 4) Note the skill directs the agent to consult a remote SKILL.md — that external content could change how the agent behaves, so only proceed if you trust the host; 5) Confirm the agent will ask for explicit user confirmation before any first upload as stated in the Safety Rules.
Capability Analysis
Type: OpenClaw Skill Name: claw-soul-backup Version: 0.1.8 The skill's stated purpose is to perform encrypted workspace backups, and it includes several good safety rules for handling secrets and user confirmation. However, it instructs the AI agent to dynamically fetch its 'current response formats and full API contract' from an external URL (`https://www.claw-vault.com/SKILL.md`). This instruction in `SKILL.md` introduces a significant supply chain vulnerability, as a compromise of the external server could allow an attacker to alter the agent's behavior through prompt injection, potentially leading to unauthorized actions or data exfiltration.
Capability Assessment
Purpose & Capability
Name/description match the SKILL.md workflow: prepare local encrypted archives, upload to https://api.claw-vault.com, and store backup_id/api_token. The skill does not request unrelated credentials, binaries, or system access.
Instruction Scope
The runtime instructions are narrowly scoped (encrypt locally, upload, store tokens securely, ask for confirmation). However the SKILL.md tells the agent to 'Follow https://www.claw-vault.com/SKILL.md for current response formats and full API contract' — that gives the agent a live external reference that could change behavior at runtime. The skill itself otherwise directs no unexpected file reads or transmissions beyond the backup upload.
Install Mechanism
Instruction-only skill with no install spec and no code to write to disk. Lowest install risk.
Credentials
The skill does not declare required env vars or primary credentials, which is proportional to being instruction-only. Example snippets reference $BACKUP_ID and $API_TOKEN so the agent/user will need to supply those tokens; the SKILL.md instructs treating them as secrets. It would be clearer if the skill declared those as expected inputs, but their use is consistent with the stated purpose.
Persistence & Privilege
always is false and the skill does not request persistent system-wide changes or other skills' credentials. Autonomous invocation is allowed (platform default) but not combined with elevated privileges here.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install claw-soul-backup
  3. After installation, invoke the skill by name or use /claw-soul-backup
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.8
Expand discovery tags only; keep SKILL.md content unchanged.
v0.1.7
Add periodic auto-backup guidance: one-time POST, then daily cron-based PUT override flow.
v0.1.6
Remove private repo reference and simplify skill to neutral pointer-only guidance.
v0.1.5
Remove private repository reference from public skill metadata and keep pointer-only instructions.
v0.1.4
Reduce skill surface area: docs pointer only, explicit consent requirement before any network action.
v0.1.3
Fix changelog path leak; add provenance; remove plaintext secret-storage guidance; defer API procedure to canonical SKILL URL.
v0.1.2
Use /Users/daniel/.config/claw-vault.json for credential path and keep skill instructions backup-focused.
v0.1.1
Remove promotional section from SKILL instructions to improve security review clarity.
v0.1.0
Initial release: encrypted OpenClaw workspace backup and restore via Claw Vault API.
Metadata
Slug claw-soul-backup
Version 0.1.8
License
All-time Installs 0
Active Installs 0
Total Versions 9
Frequently Asked Questions

What is Claw Soul Backup?

Store encrypted OpenClaw workspace backups and restore them via token-secured API using claw-vault.com with local encryption and credential management. It is an AI Agent Skill for Claude Code / OpenClaw, with 440 downloads so far.

How do I install Claw Soul Backup?

Run "/install claw-soul-backup" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Claw Soul Backup free?

Yes, Claw Soul Backup is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Claw Soul Backup support?

Claw Soul Backup is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Claw Soul Backup?

It is built and maintained by Daniel (@danielglh); the current version is v0.1.8.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463556 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259610 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200551 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191226 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190235 · by oswalpalash

💬 Comments