Openclaw User Data Pack
by Zhaobudaoyuema · GitHub ↗ · v1.0.5 · MIT-0
246 Downloads · 0 Stars · 1 Active Installs · 5 Versions
Install in OpenClaw
/install openclaw-user-data-pack
Description
Agent instructions: pack/apply OpenClaw user data via scripts; overwrite-by-path only. You dry-run first, read EXPORT_MANIFEST.txt, gate optional layers, res...
Usage Guidance
This skill appears to do what it says: create/export a zip with EXPORT_MANIFEST.txt and extract it back into OpenClaw dirs. Before using it: always run the scripts with --dry-run first and inspect EXPORT_MANIFEST.txt inside the produced zip; back up the target OpenClaw home/workspace (only openclaw.json gets an automatic .bak timestamped file when restored); do not enable sessions or config snapshot flags unless you understand they may include full chat transcripts or tokens; only apply zips from trusted sources. Note that following SKILL.md will require running `pip install -r requirements.txt` which fetches json5 from PyPI — if you or your agent run that, understand it performs a network package install. If you want extra safety, inspect the provided Python scripts locally before running them and run pack/apply on a throwaway copy first.
Capability Analysis
Type: OpenClaw Skill
Name: openclaw-user-data-pack
Version: 1.0.5
The skill bundle provides legitimate backup and restore functionality for OpenClaw user data, featuring robust path traversal protections in `scripts/apply_openclaw.py` and safety-conscious agent instructions in `SKILL.md`. However, it is classified as suspicious due to a shell injection vulnerability in `publish_npm.py`. This script uses `subprocess.run` with `shell=True` on Windows to execute optional hooks (`skill.cmd`/`skill.bat`) while passing unvalidated user-supplied command-line arguments (the changelog), which could allow for arbitrary command execution in a developer's environment.
Capability Assessment
Purpose & Capability
Name/description match the actual files and behavior: pack_openclaw.py builds a zip with EXPORT_MANIFEST.txt and apply_openclaw.py extracts files into workspace and ~/.openclaw paths. Required capabilities are proportional — no unrelated credentials, binaries, or config paths are demanded.
Instruction Scope
SKILL.md gives precise runtime instructions (dry-run first, read EXPORT_MANIFEST.txt, gate optional layers, require explicit consent for sessions/config/managed-skills). The instructions only reference files the tool legitimately needs (workspace, openclaw.json, zip manifest). They explicitly forbid writing credentials/credential dirs and emphasize backups and user confirmation for sensitive layers.
Install Mechanism
There is no registry install spec (instruction-only install), but SKILL.md tells the agent to run `pip install -r requirements.txt` as needed. The requirements are minimal (json5). This is expected but means the agent will fetch a PyPI package if it runs that step — moderate risk compared with an all-local instruction-only skill; however the included Python scripts are present in the package and do not download arbitrary code themselves.
Credentials
The skill requests no secret env vars and only uses OPENCLAW_HOME / optional OPENCLAW_PROFILE for normal path resolution. It warns that openclaw.json may contain tokens/secrets and requires explicit opt-in to include/restore that config. The scripts intentionally avoid ~/.openclaw/credentials and perform path-safety checks.
Persistence & Privilege
Skill is not always-enabled and is user-invocable. It does not modify other skills or system-wide config beyond writing into the user's OpenClaw directories when invoked. Autonomous invocation is allowed by platform default but not combined with other concerning privileges here.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install openclaw-user-data-pack
- After installation, invoke the skill by name or use /openclaw-user-data-pack
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.5
openclaw-user-data-pack 1.0.5
- Major SKILL.md rewrite: dramatically condensed agent instructions; emphasizes one-sentence job, explicit dry-run/preview/consent, and that scripts perform path-level overwrite only.
- Moves all merge/collision/consent responsibilities onto the agent—scripts never merge semantically.
- Strongly separates agent-role directions from end-user help; clarifies requirement to preview, read manifests, prompt for each optional layer, and handle all conflicts before running applies.
- Rewords warnings about sensitive data, credential handling, and upload risks; explains exactly what the scripts do and do not cover.
- README and other docs updated for new agent workflow; Python scripts directory reference removed from packaging.
v1.0.4
- Bump version to 1.0.4 in SKILL.md.
- No functional or content changes; only the version number updated.
v1.0.3
openclaw-user-data-pack 1.0.3
- Improved SKILL.md with new guidance on semantic vs blind overwrites during restore: agents must not blindly overwrite memory or skill files with the same path, but instead reconcile content and alert on conflicts.
- Clarified agent responsibilities when user data conflicts exist, with concrete instructions for deduplication, merging, or user intervention.
- Added operational hints and best practices around dry-run usage and collision handling in restore.
- Updated documentation style for safety measures and clear user decision points. No changes to the Python scripts themselves.
v1.0.2
Release 1.0.2
v1.0.0
Initial release of OpenClaw user data pack skill.
- Enables packing OpenClaw user data into a zip file with an export manifest for migration or backup.
- Default pack includes workspace data; optional layers (managed skills, session logs, config) require explicit user approval.
- Restore (apply) workflow unpacks only authorized components and warns before overwriting sensitive or existing files.
- Safety guidelines provided: excludes credentials, warns against insecure backup storage, and advises re-login on new machines.
- Includes clear CLI usage and quick commands for both packing and applying data.
Frequently Asked Questions
What is Openclaw User Data Pack?
Agent instructions: pack/apply OpenClaw user data via scripts; overwrite-by-path only. You dry-run first, read EXPORT_MANIFEST.txt, gate optional layers, res... It is an AI Agent Skill for Claude Code / OpenClaw, with 246 downloads so far.
How do I install Openclaw User Data Pack?
Run "/install openclaw-user-data-pack" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Openclaw User Data Pack free?
Yes, Openclaw User Data Pack is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Openclaw User Data Pack support?
Openclaw User Data Pack is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Openclaw User Data Pack?
It is built and maintained by Zhaobudaoyuema (@zhaobudaoyuema); the current version is v1.0.5.