← Back to Skills Marketplace
OCTOOL for backup
by
Donnieclaw
· GitHub ↗
· v1.0.17
· MIT-0
303
Downloads
0
Stars
0
Active Installs
18
Versions
Install in OpenClaw
/install octool
Description
Openclaw Visual Configuration Assistant. Provides secure wizard for local/Git backup and workspace migration.
Usage Guidance
This skill appears coherent for a browser-based backup wizard, but take these precautions before installing or using it: 1) Manually review the full oc-tool.html (search for fetch/XHR/WebSocket, eval, atob/decoded strings, or hidden endpoints) to confirm there are no hidden network calls or obfuscated code. 2) Test the page offline (disconnect network) and confirm DevTools → Network shows zero requests before entering any token. 3) If you use Git mode, create a fine-grained GitHub PAT limited to the specific repo and only 'contents: read & write' as recommended. 4) Always inspect generated shell commands before pasting them into your terminal; even well-intentioned scripts can be harmful if executed incorrectly. 5) Prefer running the tool in a disposable or isolated browser profile/tab and close the tab to ensure sessionStorage is cleared. If you want higher assurance, provide the full oc-tool.html for a complete code audit (I only saw a truncated excerpt here).
Capability Analysis
Type: OpenClaw Skill
Name: octool
Version: 1.0.17
The 'octool' skill bundle is a visual configuration and backup assistant for OpenClaw. Analysis of 'oc-tool.html' reveals a well-documented, frontend-only utility that generates shell commands for the user to manually execute in their terminal. The developer has implemented several security best practices, including regex-based input sanitization (e.g., 'sanitizePath', 'sanitizeTag') to prevent shell injection and the use of 'sessionStorage' to ensure GitHub tokens are cleared when the browser tab is closed. The tool's behavior is strictly aligned with its stated purpose of managing backups and environment migrations, with no evidence of data exfiltration, hidden backdoors, or malicious prompt injection.
Capability Tags
Capability Assessment
Purpose & Capability
Name, description and SKILL.md describe a local/browser backup and git-integration assistant. The provided html implements a frontend-only UI and explains GitHub PAT usage; there are no unrelated required binaries, env vars, or installs requested, so the requested footprint aligns with the stated purpose.
Instruction Scope
SKILL.md and the embedded oc-tool.html state the tool runs entirely in the browser, only reads files the user drags in, and only calls api.github.com when the user opts into Git mode. The tool also generates shell commands for manual execution. These instructions remain within scope, but the file makes strong claims about input sanitization and 'no other network calls' — those claims are plausible but should be validated by reviewing the full HTML/JS (e.g., search for fetch/XHR/WebSocket and any dynamic eval or encoded network endpoints).
Install Mechanism
Instruction-only skill with no install spec and no code executed by the platform. No downloads, package installs, or archive extraction are present in the manifest — lowest-risk installation model.
Credentials
No required environment variables or credentials declared. The only credential the tool optionally uses is a GitHub PAT provided by the user in-GUI and (per the code) stored in sessionStorage; that is proportional to the claimed GitHub write/read use. The SKILL.md recommends fine-grained PAT scopes, which is appropriate.
Persistence & Privilege
Skill is not always-on and does not request elevated or persistent platform privileges. It does not modify other skills or system-wide agent settings. Generated shell snippets write to ~/.bash_profile only when the user chooses to run them; that behavior is described and gated by manual copy/paste.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install octool - After installation, invoke the skill by name or use
/octool - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.17
**v1.0.17 Changelog**
- Security: The GitHub Personal Access Token (PAT) is now stored in `sessionStorage` instead of `localStorage` for enhanced privacy; the token is automatically cleared when you close the browser tab.
- Security: All shell command user inputs (paths, tags, commit messages, exclude patterns) are now strictly validated. Inputs containing shell metacharacters are rejected with an error.
- Safety: The bash profile write command now includes an idempotent marker to guard against repeated execution.
- Documentation: Updated privacy and security sections to reflect sessionStorage usage, more precise credential handling, and removal of all background file access outside of explicit user actions.
- Usability: Proxy detection command improved; no longer uses dynamic code execution—ensuring only safe, read-only syscalls are generated.
v1.0.16
No file changes detected in this release.
- No functional or documentation changes introduced.
- Version increment only; all features and documentation remain unchanged.
v1.0.15
v1.0.15
- No file changes detected.
- No functional, UI, or documentation updates in this release.
- Behavior and features remain identical to the previous version.
v1.0.14
v1.0.14
- No code or documentation changes detected in this version.
- Likely a metadata or version bump only; functionality remains as in previous release.
v1.0.13
v1.0.13
- No file or documentation changes detected in this version.
- Functionality and documentation remain identical to the previous release.
v1.0.12
v1.0.12
- No changes detected in this release.
- All features and documentation remain the same as the previous version.
v1.0.11
v1.0.11 is a documentation and disclosure update focused on security and transparency:
- Clarified that GitHub token (PAT) is used only for two specific `api.github.com` calls (repo verify and file write); recommends fine-grained PAT limited to `Contents: Read and Write`.
- Made documentation more precise on which files are targeted, emphasizing that all backup/restore commands are generated for manual execution only.
- Added explicit disclosure that all generated shell (`sed`/`rsync`/`cp`/`git`) commands are display-only and never executed automatically by the tool.
v1.0.10
No file changes were detected in this release.
- Version bumped to 1.0.10 with no code or documentation changes.
- No user-facing changes or updates.
v1.0.9
No changes detected in this version.
- No updates or modifications were made to the skill files or documentation.
v1.0.8
- Updated usage instructions in SKILL.md for greater clarity on how to launch the tool after installation.
- Added guidance for users installed in a custom workspace, including fallback steps if the file path is unclear.
- No code changes; documentation update only.
v1.0.7
- No user-visible changes in this release.
- Version updated; content and functionality remain the same.
v1.0.6
- Added support for flexible custom backups: users can now intuitively add or remove extra folders/files for packaging via the drag-and-drop UI.
- Expanded terminal command generation: now provides clear text examples for `oc` (startup), `oc-save` (backup with custom files), and `oc-rec` (restore specific versions).
- Documentation updated to clarify new features and usage for both Chinese and English users.
v1.0.5
- Improved privacy by removing all external resource dependencies (e.g., Google Fonts) for true zero external requests.
- Enhanced documentation describing local-only file reading: the tool now explicitly states it processes only user-provided files via drag-and-drop, without accessing other disk data.
- Updated security instructions about credential storage, including guidance on least-privilege tokens and browser localStorage risks.
- Clarified that all scripts and commands are always generated for manual review and execution—no automated system changes.
v1.0.4
- Added detailed privacy and security statements in both Chinese and English, explaining local-only execution, credential handling, and the manual script execution requirement.
- Clarified that the tool neither runs background actions nor modifies files without user review and explicit manual execution.
- No changes to underlying files or functionalities; documentation update only.
v1.0.3
No user-facing changes in this release.
- Version bumped to 1.0.3 with no file or documentation updates detected.
v1.0.2
- Minor wording changes for clarity in documentation.
- Updated descriptions to remove reference to background automation in Secure Configuration Wizard.
- No functional or code changes; documentation only.
v1.0.1
- Updated documentation for clearer descriptions in both Chinese and English.
- Emphasized manual, text-based configuration and backup commands rather than automated injection.
- Clarified the tool’s functionality as a configuration assistant and environment migration aid.
- Simplified feature list for easier understanding.
- No code or file changes detected in this version.
v1.0.0
Initial Release 🚀
[CN] 新手第一个Openclaw备份Skill!安全纯本地运行,提供 Openclaw 工作区参数和数字分身(Agent)的安全可视化备份、恢复与环境无感注入。
[EN] My first Openclaw backup Skill! Provides secure visual backup, restoration, and seamless environment injection for Openclaw workspace parameters and digital personas (Agents).
Metadata
Frequently Asked Questions
What is OCTOOL for backup?
Openclaw Visual Configuration Assistant. Provides secure wizard for local/Git backup and workspace migration. It is an AI Agent Skill for Claude Code / OpenClaw, with 303 downloads so far.
How do I install OCTOOL for backup?
Run "/install octool" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is OCTOOL for backup free?
Yes, OCTOOL for backup is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does OCTOOL for backup support?
OCTOOL for backup is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created OCTOOL for backup?
It is built and maintained by Donnieclaw (@donnieclaw); the current version is v1.0.17.
More Skills