← Back to Skills Marketplace
76
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install backup-recovery-toolkit
Description
企业级备份恢复工具包,支持文件备份、数据库备份、增量备份、定时任务和灾难恢复。 Enterprise-grade backup and recovery toolkit supporting file backup, database backup, incremental backup, scheduled t...
README (SKILL.md)
Backup Recovery Toolkit | 备份恢复工具包
一套完整的数据备份与灾难恢复解决方案,保护您的重要数据安全。
A comprehensive data backup and disaster recovery solution to protect your critical data.
核心功能 | Core Features
- 📦 文件备份 | File Backup - 本地和远程文件备份
- 🗄️ 数据库备份 | Database Backup - MySQL/PostgreSQL/MongoDB备份
- 📈 增量备份 | Incremental Backup - 只备份变更部分,节省空间
- ⏰ 定时任务 | Scheduled Tasks - Cron式备份计划
- 🔄 版本管理 | Version Management - 保留多版本,支持回滚
- 🚨 灾难恢复 | Disaster Recovery - 快速恢复数据到任意时间点
快速开始 | Quick Start
命令行使用 | CLI Usage
# 备份目录 | Backup directory
python scripts/backup_toolkit.py backup --source /data --dest /backup --name "daily-backup"
# 增量备份 | Incremental backup
python scripts/backup_toolkit.py incremental --source /data --dest /backup --last-backup /backup/previous
# 恢复数据 | Restore data
python scripts/backup_toolkit.py restore --backup /backup/daily-backup --dest /data
Python API
from backup_recovery_toolkit import FileBackup, DatabaseBackup
# 文件备份 | File backup
backup = FileBackup(source="/data", destination="/backup")
backup.run(name="daily-backup")
# 数据库备份 | Database backup
db_backup = DatabaseBackup(
db_type="mysql",
host="localhost",
user="root",
password="secret",
database="mydb"
)
db_backup.run()
测试 | Tests
python -m pytest tests/ -v
Usage Guidance
This package largely behaves like a normal backup toolkit, but review and precautions are recommended before installing or running it:
- Verify presence of system binaries: the code calls mysqldump, pg_dump and mongodump via subprocess but the skill metadata does not declare these required binaries. Ensure these tools exist on any host where you run this.
- Inspect the full scripts/backup_toolkit.py (the provided listing was truncated) to confirm there are no hidden network endpoints or unexpected data exfiltration paths (especially code that would use paramiko/cryptography to send backups remotely).
- Avoid passing DB passwords on the command line or hard-coding them. The current examples & implementation may expose credentials via process lists; prefer using secured credential stores or connection files.
- Run the code first in a disposable, limited-permission environment (container or VM) with test data to confirm behavior and that only intended files are read and written.
- If you need remote backup features, confirm how SSH keys/credentials are handled; do not supply high-privilege keys without auditing the remote-transfer implementation.
Because the repository lacks an install spec and does not declare required system binaries, treat the package as potentially incomplete and verify these gaps before trusting it with production data.
Capability Analysis
Type: OpenClaw Skill
Name: backup-recovery-toolkit
Version: 1.0.0
The toolkit contains a potential path traversal vulnerability (TarSlip) in scripts/backup_toolkit.py within the RestoreManager.restore_file_backup method, which uses tarfile.extractall() without validating member paths. Additionally, the DatabaseBackup class handles sensitive credentials insecurely by passing them as command-line arguments (MySQL/MongoDB) or environment variables (PostgreSQL), exposing them to process monitoring. While these are significant security flaws, they appear to be unintentional vulnerabilities rather than intentional malicious behavior.
Capability Assessment
Purpose & Capability
The code implements file, incremental and database backups and references external tools (mysqldump, pg_dump, mongodump) via subprocess calls, and requirements.txt includes SSH/crypto libraries for remote backups—these are coherent with a backup tool. However, the skill metadata declares no required binaries even though the code expects system binaries for DB dumps. Also the registry notes 'No install spec' even though the bundle contains code and a requirements.txt (so nothing will be automatically installed). The missing declaration of required system binaries and the lack of source/homepage reduce transparency.
Instruction Scope
SKILL.md shows CLI and Python API usage that expects users to provide file paths and DB credentials. The instructions don't ask for unrelated system data. However examples and README show passing DB passwords in code/CLI; the code uses subprocess to run native DB clients which will execute external binaries and can expose credentials via process arguments. The provided scripts run filesystem operations (expected for backups).
Install Mechanism
There is no automated install spec; the README and requirements.txt instruct pip install -r requirements.txt. That's lower-risk than an arbitrary binary download, but because installation is manual the user must run pip themselves. No archive downloads or extract steps were used. The absence of an install step means dependencies and system binaries must be present on the host for the tool to work.
Credentials
The skill does not declare required environment variables or credentials, which aligns with examples that pass DB credentials as function args. But DatabaseBackup constructs subprocess commands that embed passwords (e.g. '-p{password}' for mysqldump) and sets PGPASSWORD for pg_dump; both approaches risk credential exposure (process listing, shell history). No unrelated secrets are requested, but credential-handling practices are potentially insecure and should be reviewed.
Persistence & Privilege
The skill is not force-included (always:false) and is user-invocable. It does not request to modify other skills or system-wide agent settings. Autonomous invocation is allowed by platform default but does not combine here with always:true or broad undisclosed credential access.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install backup-recovery-toolkit - After installation, invoke the skill by name or use
/backup-recovery-toolkit - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of backup-recovery-toolkit:
- Supports file and database backups (MySQL, PostgreSQL, MongoDB)
- Enables incremental backups for efficient storage use
- Offers scheduled backup tasks with cron-style scheduling
- Includes version management and rollback capabilities
- Provides disaster recovery for quick data restoration
Metadata
Frequently Asked Questions
What is Backup Recovery Toolkit?
企业级备份恢复工具包,支持文件备份、数据库备份、增量备份、定时任务和灾难恢复。 Enterprise-grade backup and recovery toolkit supporting file backup, database backup, incremental backup, scheduled t... It is an AI Agent Skill for Claude Code / OpenClaw, with 76 downloads so far.
How do I install Backup Recovery Toolkit?
Run "/install backup-recovery-toolkit" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Backup Recovery Toolkit free?
Yes, Backup Recovery Toolkit is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Backup Recovery Toolkit support?
Backup Recovery Toolkit is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Backup Recovery Toolkit?
It is built and maintained by Lv Lancer (@kaiyuelv); the current version is v1.0.0.
More Skills