← Back to Skills Marketplace
375
Downloads
1
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install self-backup
Description
Backup OpenClaw workspace files like AGENTS.md, SOUL.md, scripts/, and configs to a GitHub repo, with token sanitization and version control.
Usage Guidance
This skill appears to do what it says, but before using it: 1) Review the three scripts (setup.sh, backup.sh, sanitize-config.sh) yourself to confirm they match your expectations. 2) Be aware the scripts will read files under ~/.openclaw (AGENTS.md, SOUL.md, MEMORY.md, openclaw.json, scripts/, skills/), so sensitive content could be copied to the remote repo. 3) Ensure you have git, jq, and (optionally) gh installed — the metadata didn't declare these but the scripts require them; without jq sanitization is skipped. 4) Use a private repository you control and test with --dry-run first. Inspect the sanitized openclaw.json output to verify redaction is sufficient for your config (the sanitizer targets specific keys and may miss nonstandard tokens). 5) Avoid running as an elevated user; consider running the backup once manually in a safe environment or container before trusting automated/autonomous runs. 6) If you do not trust the skill or want stricter guarantees, copy files manually into a safe location and audit them before pushing to any remote.
Capability Analysis
Type: OpenClaw Skill
Name: self-backup
Version: 1.0.0
The 'self-backup' skill is designed to back up OpenClaw workspace configuration, scripts, and memory logs to a user-specified GitHub repository. It includes a proactive security measure in `scripts/sanitize-config.sh` that uses `jq` to redact sensitive API tokens (Telegram, Discord, etc.) from `openclaw.json` before pushing to the remote repository. The scripts (`backup.sh`, `setup.sh`) are transparent, follow the stated purpose, and do not contain any hidden exfiltration or malicious execution logic.
Capability Assessment
Purpose & Capability
The skill's name/description match what the scripts do: copy ~/.openclaw workspace files, sanitize, and push to a GitHub repo. However, the registry metadata claims no required binaries or env vars while the scripts clearly expect git, jq (for sanitization), and optionally the GitHub CLI (gh). That mismatch between declared requirements and actual runtime needs is a configuration/information gap that could surprise users.
Instruction Scope
SKILL.md and the scripts explicitly instruct the agent/user to read files under ~/.openclaw (AGENTS.md, SOUL.md, openclaw.json, scripts, memory, skills metadata) and to clone/push to a remote GitHub repository. Reading these local files is required for the stated backup purpose, but it does mean the skill will access potentially sensitive files (memory, identity, skill metadata). The scripts copy SKILL.md files from local skills (metadata-only), which could disclose local skill information.
Install Mechanism
There is no install spec (instruction-only) and the skill ships scripts that will run on-demand; nothing is downloaded from arbitrary URLs. This lowers code-install risk. Still, the scripts assume external tools (git, jq, gh) that must be present or installed per SKILL.md.
Credentials
The skill declares no required environment variables or primary credential, yet it expects the user to authenticate to GitHub (gh auth login) or otherwise provide git credentials to push backups. The omission of these expectations from metadata is misleading. Also, although sanitize-config.sh redacts some known token fields in openclaw.json, sanitization targets a limited set of keys and will skip sanitization if jq is missing — so secrets could still be pushed if users don't review outputs or lack jq.
Persistence & Privilege
The skill is not force-enabled (always: false) and does not request persistent elevated privileges. It can be invoked autonomously (platform default), which increases blast radius if you allow autonomous execution, but this is normal for skills and not a standalone red flag here.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install self-backup - After installation, invoke the skill by name or use
/self-backup - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of the self-backup skill for OpenClaw.
- Backs up key workspace files (configurations, scripts, skill metadata) to a configurable private GitHub repository.
- Includes automatic sanitization of sensitive tokens for security.
- Provides easy setup, restore, and manual/automated backup options.
- Supports customizable repository structure and backup content via configuration.
- Documentation covers setup, usage, restore process, and troubleshooting tips.
Metadata
Frequently Asked Questions
What is self-backup?
Backup OpenClaw workspace files like AGENTS.md, SOUL.md, scripts/, and configs to a GitHub repo, with token sanitization and version control. It is an AI Agent Skill for Claude Code / OpenClaw, with 375 downloads so far.
How do I install self-backup?
Run "/install self-backup" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is self-backup free?
Yes, self-backup is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does self-backup support?
self-backup is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created self-backup?
It is built and maintained by Yue Ma (@mayueanyou); the current version is v1.0.0.
More Skills