← Back to Skills Marketplace
831
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install restic-home-backup
Description
Design, implement, and operate encrypted restic backups for Linux home directories with systemd automation, retention policies, and restore validation. Use w...
Usage Guidance
This skill appears to do what it says, but review and run it safely: 1) Read scripts/bootstrap_restic_home.sh yourself before running. 2) Run it in PLAN-ONLY mode first (no --apply) to inspect the proposed changes. 3) Ensure restic is installed and reachable at /usr/bin/restic (adjust script if restic is elsewhere). 4) Be prepared that the script will create /etc/restic-home.env and a password file at /etc/restic-home/password (chmod 600) — if you prefer an existing password file or secret manager, supply that path via --password-file. 5) Only run with --apply and enable timers when you accept the systemd/unit changes and understand where your repository (S3/SFTP/local) stores data and credentials. 6) If you need this on non-standard home paths (e.g., root), verify the script handles that or modify accordingly.
Capability Analysis
Type: OpenClaw Skill
Name: restic-home-backup
Version: 1.0.2
The skill bundle is classified as suspicious due to several critical shell injection and path traversal vulnerabilities in `scripts/bootstrap_restic_home.sh`. User-provided inputs for `--repo`, `--password-file`, `--user`, and `--timezone` are not adequately sanitized before being written into configuration files or used in commands. This could allow a malicious actor to achieve arbitrary command execution (e.g., via crafted `--repo` value), manipulate arbitrary files (via `--password-file`), or alter the backup scope (via `--user`). While the `SKILL.md` defines good safety boundaries and the script implements an `--apply` mechanism, these vulnerabilities represent significant risks without clear evidence of intentional malicious design.
Capability Assessment
Purpose & Capability
Name, description, SKILL.md workflow, ops checklist, and the bootstrap script all align: they implement restic-backed home-directory backups, systemd timers, retention/prune, and validation. The included script performs exactly the described tasks and enforces a plan-only default.
Instruction Scope
Instructions explicitly require user confirmation (or --apply) before writing to /etc, /usr/local/bin, or systemd, and the script enforces plan-only by default. The script does create credential and unit files, source /etc/restic-home.env, and may generate a password file under /etc/restic-home/password; these actions are expected for the stated purpose. Small caveat: SKILL.md promises 'Never print secrets' — the script prints the path to the generated password file but not the password itself, which matches the promise. Overall scope is appropriate.
Install Mechanism
This is an instruction-only skill with one included helper script; there is no automated installer or downloaded code from external URLs. Risk from install mechanism is low.
Credentials
The skill requests no environment variables or credentials in metadata, and it doesn't transmit secrets externally. The bootstrap generates and stores a password file and an /etc/restic-home.env file (both with chmod 600), which is appropriate. Minor mismatch: metadata does not list required binaries (restic, and optionally openssl), though the script checks for restic and uses openssl if available.
Persistence & Privilege
The script writes system files and creates/enables timers only when run with --apply; the skill is not always-enabled and does not request privileged persistent presence in the agent. This level of system access is expected and described in the SKILL.md.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install restic-home-backup - After installation, invoke the skill by name or use
/restic-home-backup - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
Hardening: default plan-only mode, explicit --apply for system writes, and opt-in flags for timers/init/initial run.
v1.0.1
Security hardening: bootstrap is now plan-only by default with explicit --apply required; systemd enable/init/first backup are opt-in flags.
v1.0.0
Initial release: automated restic home backup bootstrap with random password generation, timers, and ops checklist.
Metadata
Frequently Asked Questions
What is Restic Home Backup?
Design, implement, and operate encrypted restic backups for Linux home directories with systemd automation, retention policies, and restore validation. Use w... It is an AI Agent Skill for Claude Code / OpenClaw, with 831 downloads so far.
How do I install Restic Home Backup?
Run "/install restic-home-backup" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Restic Home Backup free?
Yes, Restic Home Backup is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Restic Home Backup support?
Restic Home Backup is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Restic Home Backup?
It is built and maintained by Moep90 (@moep90); the current version is v1.0.2.
More Skills