Description

Back up the full OpenClaw environment (~/.openclaw) to a Git repository. Supports scheduled backups, interactive restore, and Git LFS for large model files.

README (SKILL.md)

claw-saver

Name: claw-saver
Author: jixsonwang

Back up the entire OpenClaw environment (~/.openclaw) to a Git repository. Supports scheduled backups, interactive restore, and exponential backoff on network failures.

Features

Full backup: Everything in ~/.openclaw is backed up, including agents, skills, configurations, knowledge bases, and agent memory
Smart exclusions: Only ignores clearly harmless runtime artifacts (logs, cache, node_modules, canvas)
Scheduled backups: Configurable cron schedule (default: every 5 hours)
Atomic commits: Two-commit strategy ensures backup files and restore guide are always consistent
Git LFS support: Large model files are auto-tracked via Git LFS
Exponential backoff: Failed pushes retry with 60s -> 120s -> 240s delays
Stale lock protection: Orphan backup processes are detected and cleaned up
Dynamic .gitignore: Scans the actual directory structure, no hardcoded assumptions

Quick Start

# 1. Configure your Git token
openclaw config set env.OPENCLAW_BACKUP_GIT_TOKEN \x3Cyour-token>

# 2. Set your repository URL
# Edit ~/.openclaw/skills/claw-saver/config.json and set "repo"
# Example: "repo": "https://cnb.cool/yourname/your-repo"

# 3. Run your first backup
openclaw backup run

# 4. Enable automatic backups (every 5 hours)
openclaw backup enable-cron

CLI Commands

openclaw backup run            # Run backup immediately
openclaw backup status         # Show last backup time and commit hash
openclaw backup restore        # Restore from a previous commit (interactive)
openclaw backup enable-cron    # Enable scheduled backups
openclaw backup disable-cron   # Disable scheduled backups
openclaw backup set-cron \x3Cexpr> # Set custom schedule (e.g. "0 */2 * * *")

Configuration

Edit ~/.openclaw/skills/claw-saver/config.json:

{
  "repo": "https://cnb.cool/yourname/your-repo",
  "cron": "0 */5 * * *",
  "lfs_threshold_mb": 10,
  "lfs_extensions": [".bin", ".gguf", ".safetensors", ".pt", ".pth", ".onnx", ".msgpack", ".model"],
  "push_retries": 3,
  "push_retry_interval_ms": 60000
}

Option	Default	Description
`repo`	(required)	Git repository URL
`cron`	`0 /5 * *`	Backup schedule (cron expression, in system timezone)
`lfs_threshold_mb`	`10`	Files larger than this are tracked via Git LFS
`lfs_extensions`	(see above)	File extensions to LFS-track
`push_retries`	`3`	Max push retry attempts on failure
`push_retry_interval_ms`	`60000`	Initial retry delay (doubles each attempt)

What Is Backed Up

Everything except harmless runtime artifacts:

# === BACKED UP ===
agents/              # Agent configurations, auth profiles, session data
credentials/         # Channel credentials and keys
identity/           # Device identity keys
kb/                 # Knowledge base (user docs + vector database)
lts/                # Long-term scripts (cleanup, OOM protection)
openclaw.json       # Core configuration (含 tokens)
skills/             # All installed skills and their configs
workspace-* /       # Agent workspaces, memory, learnings
**/.learnings/      # Agent self-improvement logs
**/.openclaw/       # Per-workspace OpenClaw state
And all other directories in ~/.openclaw/

What Is Excluded (Runtime Artifacts Only)

These are transient or rebuildable and intentionally not backed up:

.git/               # Git repository itself (local only)
logs/               # Runtime logs
canvas/             # Canvas runtime state
media/             # Uploaded media files
npm/               # NPM packages (rebuild with npm install)
cron/runs/         # Cron execution history
**/node_modules/   # Dependencies (rebuild with npm install / pip install)
**/__pycache__/     # Python bytecode cache
**/.cache/          # Generic cache
**/dreaming/        # Short-term memory state
*.tmp, *.bak        # OS noise
.backup.lock        # Runtime lock file

User data principle: If in doubt, it is backed up. Credentials, identity keys, knowledge bases, agent memory, and learned data are all preserved.

Security

Token isolation: The token is stored only in ~/.openclaw/.git/config (local, never pushed to the backup repo) and in the cron environment variable (local system only)
No token in commits: RESTORE.md and commit messages contain only the repo URL, never the token
stderr suppressed: git push stderr is redirected to prevent token leakage in error messages
git directory excluded: .git/ is in .gitignore, so .git/config (containing the token in the remote URL) is never backed up

Restore

openclaw backup restore

This clones the repository to a temp directory, checks out the specified commit, and copies files back to ~/.openclaw. A running backup is preserved (skills/claw-saver stays live during restore).

After restore completes:

openclaw gateway restart

Restore Guide

A RESTORE.md file is generated with each backup, embedded in the backup commit. It contains the exact commit hash, clone instructions, and a list of what was excluded so you know what needs manual restoration.

Architecture

skills/claw-saver/
  lib/
    backup.js      # Core orchestration (lock, stage, commit, push)
    git.js         # Git operations (init, add, commit, push, clone)
    lfs.js         # Git LFS setup and tracking
    restore.js     # Interactive restore logic
  scripts/
    cli.js         # CLI entry point (run, status, restore, cron)
  config.json      # User configuration (repo, cron, LFS settings)

Lock Mechanism

Concurrent backup runs are prevented via an atomic mkdir-based lock:

Lock dir: ~/.openclaw/.backup.lock/ (pid file inside)
If a stale lock is detected (holder PID is dead), it is forcibly taken over
Lock is always released via finally{} after backup completes or fails

Usage Guidance

Install only if you are comfortable placing the full OpenClaw environment, including secrets and agent memory, into a tightly controlled Git repository. Use a private encrypted repo if possible, review what will be committed, avoid broad tokens, and be cautious enabling scheduled backups until the token-handling and shell-command issues are fixed.

Capability Analysis

Type: OpenClaw Skill Name: claw-saver Version: 1.6.2 The skill is a backup utility that intentionally collects and exfiltrates highly sensitive data, including 'credentials/', 'identity/' keys, and 'openclaw.json' (containing tokens), to a user-defined Git repository. While this aligns with its stated purpose of a 'full backup,' the implementation contains several high-risk security practices: it injects the Git access token into the remote URL (stored in plaintext in .git/config in lib/git.js) and embeds the token directly into the system crontab (scripts/cli.js), making it visible to other local processes. Additionally, the restore function in lib/restore.js performs a destructive wipe of the ~/.openclaw directory. While no hardcoded malicious exfiltration endpoint was found, the handling of secrets and the broad data access scope present a significant security risk.

Capability Tags

requires-oauth-tokenrequires-sensitive-credentials

Capability Assessment

⚠ Purpose & Capability

The backup behavior is coherent with the stated purpose, but the scope is extremely broad: credentials, identity keys, auth profiles, knowledge bases, agent memory, and token-bearing configuration are intentionally included in remote Git backups.

⚠ Instruction Scope

The documentation discloses broad backups, but its security section claims token isolation/no token-in-commit behavior that conflicts with backing up openclaw.json containing tokens.

ℹ Install Mechanism

There is no install script, but runtime operation depends on local git, git-lfs, crontab, and shell execution.

⚠ Credentials

Full access to ~/.openclaw is proportionate for a full backup tool, but pushing credentials, identity material, private documents, and agent memory to Git without clear encryption or secret filtering is high impact.

⚠ Persistence & Privilege

The skill supports persistent cron-based backups and embeds the backup token into the cron command line, so sensitive uploads can continue after initial setup.

Version History

v1.6.2

v1.6.2: re-publish with ClawScan note explaining execSync usage v1.6.1: docs rewrite + bug fixes

v1.6.1

v1.6.1: docs rewrite + bug fixes

v1.6.0

v1.6.0: renamed from openclaw-backup to claw-saver; v1.5.0: initial release with backup/restore/cron, Git LFS, snapshot restore, TTY safety, exponential backoff

v1.5.0

Initial release: backup/restore/cron, Git LFS, snapshot restore, TTY safety, exponential backoff

Metadata

Slug claw-saver

Version 1.6.2

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 4

Frequently Asked Questions

What is claw-saver?

Back up the full OpenClaw environment (~/.openclaw) to a Git repository. Supports scheduled backups, interactive restore, and Git LFS for large model files. It is an AI Agent Skill for Claude Code / OpenClaw, with 157 downloads so far.

How do I install claw-saver?

Run "/install claw-saver" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is claw-saver free?

Yes, claw-saver is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does claw-saver support?

claw-saver is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created claw-saver?

It is built and maintained by Jixson (@jixsonwang); the current version is v1.6.2.

More Skills

claw-saver

claw-saver

Features

Quick Start

CLI Commands

Configuration

What Is Backed Up

What Is Excluded (Runtime Artifacts Only)

Security

Restore

Restore Guide

Architecture

Lock Mechanism

What is claw-saver?

How do I install claw-saver?

Is claw-saver free?

Which platforms does claw-saver support?

Who created claw-saver?

💬 Comments