← Back to Skills Marketplace

Yaoyao Cloud Backup V2

Name: Yaoyao Cloud Backup V2
Author: taobaoaz

by taobaoaz · GitHub ↗ · v1.0.1 · MIT-0

cross-platform ⚠ suspicious

108

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install yaoyao-cloud-backup

Description

云端与外部备份同步套件【首次自动引导】安装后首次访问即自动引导配置【多云支持】IMA、WebDAV、S3、FTP/SFTP、Samba 等【小白友好】全对话式操作，无需查看任何文档

Usage Guidance

This package appears to implement legitimate backup functionality, but exercise caution: do not paste credentials into chat—instead create the secrets file manually with least-privileged keys; prefer creating dedicated sub-user/key with minimal permissions for any cloud provider. Inspect the included scripts (especially memory_exporter.py, unified_sync.py, backup/export paths and any network calls) before running. Be aware credentials are stored in plaintext at ~/.openclaw/credentials/secrets.env by default. If you must try it, run in an isolated environment (VM or container), review and possibly remove or encrypt storage of secrets, and avoid giving root or full-access keys. If you expect strong privacy guarantees, note the SKILL.md claims are misleading: the tool reads and exports your memory files and scans local config/mounts. If uncertain, don't install or run until the author provides a privacy/security audit or source provenance.

Capability Analysis

Type: OpenClaw Skill Name: yaoyao-cloud-backup Version: 1.0.1 The yaoyao-cloud-backup bundle is a comprehensive utility designed to back up and synchronize OpenClaw memory data to various cloud services (S3, WebDAV, SFTP, Samba, and IMA). The bundle includes scripts for auto-detecting local cloud clients (scripts/auto_detect.py), an interactive setup wizard (scripts/auto_setup.py), and a unified synchronization engine (scripts/unified_sync.py). While the tool performs extensive filesystem scanning to identify potential backup targets and handles sensitive credentials, these actions are transparently documented and directly support its stated purpose. No evidence of malicious intent, unauthorized data exfiltration, or harmful prompt injection was found.

Capability Tags

requires-sensitive-credentials

Capability Assessment

✓ Purpose & Capability

Name/description match the code: scripts implement multi-provider backup (WebDAV, S3/OSS, SFTP, Samba, IMA). Required capabilities (reading local memory dir, reading a secrets file or env vars, network uploads to configured services) are expected for a backup/sync tool.

⚠ Instruction Scope

SKILL.md instructs users to '把邮箱和应用密码告诉我' (paste credentials into chat) and to put all credentials into ~/.openclaw/credentials/secrets.env. The code reads that file and scans many user dirs (home config files, mounts, /proc/mounts). The skill also claims '不收集用户敏感信息' and '只能访问 exports/ 目录' while its scripts export and upload the user's memory files (~/.openclaw/workspace/memory). Encouraging conversational disclosure of credentials and the mismatch between promised privacy and actual data access are concerning.

ℹ Install Mechanism

No install spec (instruction-only at registry level) which lowers install-time risk, but the skill bundle includes many executable Python scripts. There are no downloads or external install URLs in the provided files, and publish.sh uses local rsync/clawhub only. Because code is packaged, it will run on the host if invoked — review scripts before execution.

⚠ Credentials

The registry metadata declares no required env vars, yet the runtime and code expect/encourage many credentials (IMA, WEBDAV, S3_ACCESS_KEY/S3_SECRET_KEY, SFTP, SAMBA, etc.) stored in plaintext at ~/.openclaw/credentials/secrets.env or supplied via chat. Asking users to provide root-like AccessKey or plain passwords via conversation is disproportionate and risky; secrets are not encrypted by the skill.

✓ Persistence & Privilege

Skill is not force-installed (always:false) and does not request elevated platform privileges in metadata. It writes/reads files under the user's home (~/.openclaw) which is normal for a per-user backup tool and does not appear to modify other skills' configs.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install yaoyao-cloud-backup
After installation, invoke the skill by name or use /yaoyao-cloud-backup
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.1

yaoyao-cloud-backup v1.0.1 - 新增 NAS 同步脚本 scripts/sync_to_nas.py，支持备份到 NAS（Samba） - 移除 Samba 同步脚本 scripts/sync_samba.py，实现方式整合为统一适配 - cloud_adapter.py 优化与适配 Samba/NAS 的备份逻辑 - 文档（SKILL.md）完善 Samba/NAS 配置说明与使用指南 - 版本号更新为 1.0.1

v1.0.0

yaoyao-cloud-backup 1.0.0 - 首次发布：云端与外部备份同步套件，安装后首次访问自动引导配置 - 支持多种云服务：IMA、WebDAV、S3、FTP/SFTP、Samba 等多云接入 - 全对话式“小白友好”操作，无需命令行或查阅文档 - 安全特性：凭证独立存储、同步文件带来源标记、目录隔离 - 自动检测本地及云备份环境，一键配置常用服务（如坚果云、阿里云OSS、Samba/NAS、SFTP）

Metadata

Slug yaoyao-cloud-backup

Version 1.0.1

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 2

Frequently Asked Questions

What is Yaoyao Cloud Backup V2?

云端与外部备份同步套件【首次自动引导】安装后首次访问即自动引导配置【多云支持】IMA、WebDAV、S3、FTP/SFTP、Samba 等【小白友好】全对话式操作，无需查看任何文档. It is an AI Agent Skill for Claude Code / OpenClaw, with 108 downloads so far.

How do I install Yaoyao Cloud Backup V2?

Run "/install yaoyao-cloud-backup" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Yaoyao Cloud Backup V2 free?

Yes, Yaoyao Cloud Backup V2 is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Yaoyao Cloud Backup V2 support?

Yaoyao Cloud Backup V2 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Yaoyao Cloud Backup V2?

It is built and maintained by taobaoaz (@taobaoaz); the current version is v1.0.1.

More Skills