← Back to Skills Marketplace
747
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install restic-home-backup-safe
Description
Design, implement, and operate encrypted restic backups for Linux home directories with systemd automation, retention policies, and restore validation. Use w...
Usage Guidance
This skill appears to do what it says, but follow these precautions before applying changes: (1) Review scripts/bootstrap_restic_home.sh locally in plan-only mode (run without --apply) to confirm paths/schedules. (2) Ensure restic is installed at /usr/bin/restic (or edit scripts to your restic path). (3) Be aware applying (--apply) writes files under /etc and /usr/local/bin and installs systemd units which will run as root—confirm this matches your security policy. (4) If you intend to use a remote backend (S3/B2/sftp), plan how repository credentials will be provided (the script currently generates/stores a local password file but does not manage cloud credentials). (5) After apply, verify permissions on /etc/restic-home/* (should be 600) and perform the restore smoke test described in the ops checklist. (6) If unsure, run in plan-only mode and manually inspect generated artifacts before using --apply. If you want a more restrictive setup (non-root service user, SELinux/AppArmor constraints, or integration with your secret manager), request those explicit changes before applying.
Capability Analysis
Type: OpenClaw Skill
Name: restic-home-backup-safe
Version: 1.0.0
The skill bundle is designed for a legitimate purpose (restic home backups) and implements strong safety boundaries, notably requiring an explicit `--apply` flag for system changes, as documented in SKILL.md. However, the `scripts/bootstrap_restic_home.sh` script directly uses user-provided inputs like `--user` (for `USER_NAME`) and `--timezone` (for `TIMEZONE`) in path constructions and systemd unit files without explicit sanitization. While the script's intent is benign, this lack of input validation presents a vulnerability that could potentially be exploited via prompt injection against the AI agent, leading to path traversal or command injection if malicious inputs are crafted for these parameters and downstream commands are not sufficiently robust.
Capability Assessment
Purpose & Capability
Name/description (restic home backup with systemd automation) match the included artifacts: SKILL.md describes intended inputs/outputs and safety boundaries, and scripts/bootstrap_restic_home.sh creates env, backup/prune/check scripts and systemd units as advertised.
Instruction Scope
SKILL.md and the bootstrap script stay within backup setup scope. The script is PLAN-ONLY by default and requires --apply to write to /etc, /usr/local/bin, and /etc/systemd/system, and it avoids printing secrets. Note: applying changes requires root privileges and the produced systemd units run without a User= line (will run as root); this is typical for full system backups but is a security decision the operator should review.
Install Mechanism
Instruction-only skill with a local bootstrap script; there is no network download/install step, no external package pulls, and no archives are extracted. Risk from install mechanism is low.
Credentials
The skill requests no external environment variables or credentials. It will create a local password file (/etc/restic-home/password) and an environment file (/etc/restic-home.env) to hold RESTIC_REPOSITORY and RESTIC_PASSWORD_FILE; these are proportional to the task. Operators should note the script may generate a password if none exists and will store it on-disk.
Persistence & Privilege
The skill does not request always:true and does not persist as a continuously running skill. If applied, it writes systemd timer/unit files and scripts into system locations (expected for a backup solution). This grants ongoing system behavior (scheduled backups) but that is coherent with the stated purpose.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install restic-home-backup-safe - After installation, invoke the skill by name or use
/restic-home-backup-safe - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Plan-only default, explicit --apply required, optional timer/init/first-backup flags.
Metadata
Frequently Asked Questions
What is Restic Home Backup (Safe Apply Mode)?
Design, implement, and operate encrypted restic backups for Linux home directories with systemd automation, retention policies, and restore validation. Use w... It is an AI Agent Skill for Claude Code / OpenClaw, with 747 downloads so far.
How do I install Restic Home Backup (Safe Apply Mode)?
Run "/install restic-home-backup-safe" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Restic Home Backup (Safe Apply Mode) free?
Yes, Restic Home Backup (Safe Apply Mode) is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Restic Home Backup (Safe Apply Mode) support?
Restic Home Backup (Safe Apply Mode) is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Restic Home Backup (Safe Apply Mode)?
It is built and maintained by Moep90 (@moep90); the current version is v1.0.0.
More Skills