← Back to Skills Marketplace
Openclaw Auto Backup
by
williamwg2025
· GitHub ↗
· v0.1.6
· MIT-0
529
Downloads
1
Stars
4
Active Installs
7
Versions
Install in OpenClaw
/install openclaw-auto-backup
Description
OpenClaw 自动备份技能 - 定时备份配置文件,防止数据丢失。 支持版本管理、一键恢复、定时任务。包含完整 Python 脚本(backup/restore/list/cleanup)。 已通过 ClawHub 多次安全审查(ZipSlip/Symlink/Manifest 修复)。 关键词:opencla...
Usage Guidance
This skill appears to implement a local backup/restore tool and does not phone home or request secrets. Before installing: 1) Inspect config/backup-config.json to confirm which files are watched and add exclude patterns for any files containing secrets (API keys, token files, memory dumps). 2) Be aware backups are stored unencrypted by default — encrypt them (gpg/age) or enable secure storage if you have sensitive data. 3) Test backup and restore with --debug / --dry-run in a safe environment to verify behavior. 4) Note small implementation issues (tilde paths in config may not be expanded by the scripts; manifest totalSize calculation may be incorrect and some directory restore paths may not handle directories cleanly) — these are bugs, not signs of exfiltration. 5) Confirm how the OpenClaw platform registers the claimed cron job (the scripts themselves do not auto-register system cron entries). If you require encrypted offsite backups or central credential handling, consider a dedicated backup solution instead.
Capability Analysis
Type: OpenClaw Skill
Name: openclaw-auto-backup
Version: 0.1.6
The skill bundle provides a standard backup and restore utility for OpenClaw configurations. The Python scripts (backup.py, restore.py, cleanup.py, and list.py) are well-structured and include explicit security checks to prevent common vulnerabilities, such as ZipSlip path traversal and symlink attacks, during the extraction and backup processes. No network activity, obfuscation, or unauthorized data exfiltration was detected; the behavior is entirely consistent with the stated purpose of local configuration management.
Capability Assessment
Purpose & Capability
Name/description (automated backups of OpenClaw config) align with the included scripts and config. The scripts operate on ~/.openclaw, create archives, list, restore and clean backups — which is exactly what the skill claims to do.
Instruction Scope
Runtime instructions are narrowly scoped to local backup operations and do not instruct reading unrelated system files or sending data externally. Minor inconsistencies: SKILL.md claims an OpenClaw built-in cron task (with an ID) and automatic scheduling at 02:00, but the codebase contains no installer that registers system cron jobs or the platform cron entry — this likely relies on the platform, not the scripts. Also the SKILL.md/config recommend excluding sensitive files and warn that backups are not encrypted.
Install Mechanism
Instruction-only install (scripts included in the skill bundle). No external downloads, package installs, or execution of fetched code — low install risk.
Credentials
No environment variables, credentials, or external config paths are requested. The scripts access only user home (~/.openclaw) and their own config file. Note: the default watch list includes files that may contain sensitive data (MEMORY.md, USER.md, etc.); the skill warns backups are unencrypted and provides exclude patterns.
Persistence & Privilege
Skill does not request 'always: true' and does not modify other skills. It writes backup files to ~/.openclaw/backups and may be scheduled by the user or the OpenClaw platform; ensure you understand how scheduling is registered before enabling automatic run.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install openclaw-auto-backup - After installation, invoke the skill by name or use
/openclaw-auto-backup - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.6
- Added English README file: README_EN.md.
- Added new configuration file: config/backup-config.json.
- Introduced core Python scripts for backup management: backup.py, restore.py, list.py, and cleanup.py (located in scripts/).
- Initial release of all necessary scripts and config files for automated backup, restore, listing, and cleanup functionalities.
v0.1.5
- Project renamed to "openclaw-auto-backup"; displayName updated.
- Version bumped from 1.0.4 to 1.0.5.
- SKILL.md and README.md extensively updated and streamlined.
- Several files removed: README_EN.md, backup scripts, and config, indicating a cleanup or packaging change.
- Tag and description updates; new focus on OpenClaw platform keywords, improved metadata.
- User and security guidance maintained; core usage and documentation simplified and clarified.
v0.1.4
**This release focuses on improved backup security and consistency.**
- backup.py now skips symbolic links during backup to prevent leaking external files.
- backup.py and restore.py now use consistent relative paths for manifest handling.
- Updated SKILL.md: Enhanced security section, clarified backup/restore symlink behavior, and outlined new best practices.
- Passed multiple ClawHub security audits for this release.
v0.1.3
openclaw-auto-backup v0.1.3 — Security improvements and audit
- Passed ClawHub security review; actively fixed key security issues.
- Addressed and fixed ZipSlip path traversal vulnerability in restore.py by implementing safe extraction and path checks.
- Standardized manifest file name to manifest.json for consistency.
- Updated logic to skip all symbolic and hard links during restore.
- Added security audit summary and best practices guidance in documentation.
v0.1.2
- Added scripts/restore.py for backup restoration functionality.
- Improved documentation in SKILL.md and READMEs, including updated installation and security instructions.
- Clarified backup storage paths and permission requirements.
- Stated that backup files are unencrypted and provided suggestions for manual encryption.
- No longer requires external repository cloning; all necessary scripts are included.
- Updated config/backup-config.json and general usage instructions.
v0.1.1
openclaw-auto-backup v0.1.1
- Added detailed documentation (README.md, README_EN.md) explaining installation, configuration, usage, and security.
- Introduced example configuration file (config/backup-config.json).
- Added Python scripts for backup, cleanup, and listing backups (scripts/backup.py, scripts/cleanup.py, scripts/list.py).
- Expanded SKILL.md with clearer configuration, usage instructions, scheduling options, and file structure.
- Improved description and tags to reflect scheduled task support and enhanced documentation.
v0.1.0
Initial release — adds auto-backup capability for OpenClaw configuration files.
- Supports manual and scheduled backups
- Provides version management and one-click restore
- Includes automatic cleanup of old backups
- Backups are stored locally
- Scheduled daily backups at 2 a.m.
Metadata
Frequently Asked Questions
What is Openclaw Auto Backup?
OpenClaw 自动备份技能 - 定时备份配置文件,防止数据丢失。 支持版本管理、一键恢复、定时任务。包含完整 Python 脚本(backup/restore/list/cleanup)。 已通过 ClawHub 多次安全审查(ZipSlip/Symlink/Manifest 修复)。 关键词:opencla... It is an AI Agent Skill for Claude Code / OpenClaw, with 529 downloads so far.
How do I install Openclaw Auto Backup?
Run "/install openclaw-auto-backup" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Openclaw Auto Backup free?
Yes, Openclaw Auto Backup is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Openclaw Auto Backup support?
Openclaw Auto Backup is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Openclaw Auto Backup?
It is built and maintained by williamwg2025 (@williamwg2025); the current version is v0.1.6.
More Skills