← Back to Skills Marketplace
728
Downloads
0
Stars
2
Active Installs
1
Versions
Install in OpenClaw
/install system-integrity-and-backup
Description
Encrypted backups, integrity verification, and data retention enforcement for Greek legal requirements (5-20 year retention). AES-256.
Usage Guidance
This skill appears to do what it claims (local AES-256 encryption, hashing, retention rules). Before installing, confirm these operational points: 1) Ensure the openclaw CLI referenced in the docs actually exists in your environment and you trust it. 2) Decide how scheduled jobs will get OPENCLAW_ENCRYPTION_KEY securely (use a secrets manager or orchestrator injection rather than leaving a long-lived plaintext export in shell startup files). 3) Change verification restore targets to a secure, access-controlled location inside your data directory (or ensure /tmp is encrypted and access-limited) to avoid writing plaintext backups to an insecure temp path. 4) Verify scheduling behavior (how/where background jobs run) because the SKILL.md describes background operation but provides no service/daemon install steps. 5) Confirm that human-approval hooks for deletions and migration rollbacks are implemented and tested. If these points are clarified and implemented, the skill is coherent with its stated purpose.
Capability Analysis
Type: OpenClaw Skill
Name: system-integrity-and-backup
Version: 0.1.0
The skill is classified as suspicious primarily due to a critical security vulnerability regarding the handling of the encryption key, as documented in `SKILL.md`. The skill's header metadata explicitly states that the `OPENCLAW_ENCRYPTION_KEY` is 'never stored on disk,' but a later section under 'Backup Architecture' contradicts this by indicating the key is 'stored in /data/auth/backup-key.enc.' This design flaw significantly increases the risk of compromise for encrypted backups. While the skill's overall purpose (system integrity, backup, and retention) is legitimate, this key management inconsistency represents a severe vulnerability that could be exploited.
Capability Assessment
Purpose & Capability
Name/description, required binaries (jq, openssl, tar), and required env vars (OPENCLAW_DATA_DIR, OPENCLAW_ENCRYPTION_KEY) are appropriate and expected for a local encrypted backup + integrity tool for the OpenClaw data tree.
Instruction Scope
SKILL.md confines operations to OPENCLAW_DATA_DIR and shows only local file operations and CLI commands (no network exfiltration). However it claims to "run silently in the background" and to never write the encryption key to disk while also providing scheduling commands — the instructions do not explain how scheduled/autonomous runs will obtain the ephemeral OPENCLAW_ENCRYPTION_KEY safely. Also one example restore-test target is /tmp/verify-restore (outside OPENCLAW_DATA_DIR), which contradicts the note that operations are local to OPENCLAW_DATA_DIR and raises a plaintext exposure risk during verification.
Install Mechanism
Instruction-only skill with no install spec or code files—lowest install risk. The SKILL.md uses system binaries already expected to be present; the single inline hint to use 'sudo apt install' is an OS-specific convenience but not an installer hidden in the skill.
Credentials
Only two env vars are required and both are directly relevant. Operationally, requiring OPENCLAW_ENCRYPTION_KEY to be present in environment for scheduled jobs implies you must manage secret persistence (secret manager, env injection for service, or operator session). The skill's claim to "never write [the key] to disk" is reasonable but needs an explicit, secure method for the key to be available to automated/scheduled verification runs.
Persistence & Privilege
always:false and no claims to modify other skills or system-wide config. The skill's autonomy (agent-invocable) is normal. There is no request for persistent privileges beyond access to OPENCLAW_DATA_DIR via the declared environment variable.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install system-integrity-and-backup - After installation, invoke the skill by name or use
/system-integrity-and-backup - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Initial release providing encrypted backups, automatic integrity verification, and retention enforcement for Greek legal compliance.
- Implements AES-256 encrypted backups with SHA-256 integrity checks.
- Automates retention schedules based on Greek law (5–20 years), with review before deletion.
- Enables backup verification with regular restore tests and comprehensive logging.
- Provides extensive OpenClaw CLI support for integrity checks, backup management, retention handling, and schema migrations.
- All operations are local and require environment variables for configuration—encryption keys are never stored on disk.
- Adds health status outputs for dashboard and audit/reporting features.
Metadata
Frequently Asked Questions
What is System Integrity And Backup?
Encrypted backups, integrity verification, and data retention enforcement for Greek legal requirements (5-20 year retention). AES-256. It is an AI Agent Skill for Claude Code / OpenClaw, with 728 downloads so far.
How do I install System Integrity And Backup?
Run "/install system-integrity-and-backup" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is System Integrity And Backup free?
Yes, System Integrity And Backup is completely free (open-source). You can download, install and use it at no cost.
Which platforms does System Integrity And Backup support?
System Integrity And Backup is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created System Integrity And Backup?
It is built and maintained by Stems (@satoshistackalotto); the current version is v0.1.0.
More Skills