← Back to Skills Marketplace
pfrederiksen

Synology Backup

by Paul Frederiksen · GitHub ↗ · v2.0.3 · MIT-0
cross-platform ✓ Security Clean
1086
Downloads
2
Stars
5
Active Installs
17
Versions
Install in OpenClaw
/install synology-backup
Description
Backup and restore OpenClaw workspace, configs, and agent data to a Synology NAS via SMB or SSH/rsync. Use when: backing up workspace files, restoring from a...
Usage Guidance
This skill appears to be what it claims: a Synology NAS backup/restore utility implemented with readable shell scripts and JSON config. Before installing, consider the following: 1) Prefer SSH transport with key-based auth (no SMB password file) and use Tailscale if you need remote connectivity. 2) Do not add sensitive files (like .env or API keys) to backupPaths unless you understand the risk and the NAS share is tightly access-controlled and encrypted. 3) The scripts expect a credentials file (~/.openclaw/.smb-credentials) for SMB or SSH keys in ~/.ssh for SSH — ensure those files are created securely (chmod 600) and managed by you. 4) The bundle optionally supports Telegram notifications; if you enable them you will need to supply a bot/token out of band — the skill metadata does not declare a Telegram credential variable. 5) Mounting CIFS may require root privileges; test the scripts with --dry-run and in a safe environment before scheduling them in production. 6) If you want extra assurance, inspect the send_telegram implementation in lib.sh (it is referenced by the scripts) and test the dry-run path to confirm behavior matches your expectations.
Capability Analysis
Type: OpenClaw Skill Name: synology-backup Version: 2.0.3 The synology-backup skill is a well-structured utility for backing up OpenClaw data to a Synology NAS via SMB or SSH. The scripts (backup.sh, restore.sh, verify.sh) include robust security practices, such as comprehensive input validation in lib.sh to prevent shell injection, path allowlisting during restoration to prevent arbitrary file writes, and secure credential management via a restricted-permission file. The instructions in SKILL.md are aligned with the stated purpose and do not contain any malicious prompt-injection attempts.
Capability Assessment
Purpose & Capability
Name/description align with the files and behavior: scripts perform rsync/cifs or rsync-over-SSH backups, snapshotting, pruning, integrity verification, and restore. Declared required binaries (rsync, jq) and the apt suggestions (cifs-utils, rsync, jq) are appropriate for the intended functionality.
Instruction Scope
SKILL.md and the scripts limit actions to mounting the NAS, running rsync/cp, building manifests, pruning snapshots, and reporting status. The code explicitly validates config fields and backup path values, and uses an allowlist for restore operations. Note: the skill will back up sub-agent workspaces by default and can be configured to include sensitive files (e.g., .env) — the documentation warns about this. Also the scripts expect the user to create local credentials and SSH known_hosts entries; these are operationally necessary but expand the data the skill touches (local configs and optionally secrets if the user opts to include them).
Install Mechanism
There is no automated download/install step in the registry spec; the bundle is source + scripts and the SKILL.md lists apt install commands for required packages. No remote downloads or archive extraction are used by the install instructions, which reduces supply-chain risk.
Credentials
The registry metadata declares no required environment variables or primary credential; the skill instead relies on a user-provided JSON config (~/.openclaw/synology-backup.json), an SMB credentials file (~/.openclaw/.smb-credentials) for SMB transport, or SSH key auth for SSH transport — all proportional to a backup tool. Minor discrepancy: the scripts reference optional Telegram notifications (send_telegram) and TELEGRAM_TARGET in config, which implies the use of a Telegram bot token or similar credential at runtime, but no explicit env var is declared in the skill metadata — the token would be a separate user-provided secret. Also mounting CIFS typically requires appropriate system privileges (root) which the registry metadata does not mention; this is an operational requirement rather than a covert one.
Persistence & Privilege
always:false and model invocation are default. The skill does not request permanent/global agent privileges and does not modify other skills' configs. It writes state/manifest files into user-specified locations on the NAS or local temp/state files in the skill directory — expected for a backup tool.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install synology-backup
  3. After installation, invoke the skill by name or use /synology-backup
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.0.3
Cleaned notification flow, removed hidden shell-side delivery, aligned docs with implementation, and kept backup behavior hardened for safer cron-owned alerts.
v2.0.2
Security hardening: StrictHostKeyChecking=yes in all scripts (was accept-new), add metadata.requires declaring rsync/jq/cifs-utils dependencies for registry scanners
v2.0.1
Docs: address security review findings — document jq dependency, Telegram alert mechanism (no bot token stored), SSH accept-new host key warning, .env exclusion rationale, dry-run recommendation before enabling cron
v2.0.0
Fix fragile rsync: --copy-links to dereference symlinks (fixes SMB I/O errors on symlinked files), continue past per-path failures instead of aborting, mount retry with health check, detailed failure alerts showing which paths failed
v1.2.1
- Improved backup logging: now prints a summary table after each backup run, including status, snapshot date, and result for easier tracking. - Enhanced error handling in backup.sh to ensure clearer exit codes and failure alerts. - Refactored code in scripts/backup.sh and scripts/lib.sh for reliability and maintainability. - No changes to configuration or usage required.
v1.2.0
- Adds support for excluding files/folders via backupExclude config field. - Adds preRestoreRetention setting to control how long pre-restore safety snapshots are kept. - Option to send Telegram notification on successful backups with notifyOnSuccess. - Expanded and clarified SSH transport configuration (sshHost, sshPort, sshDest). - Always excludes .git/ and node_modules/ from backups to save space and improve speed.
v1.1.5
synology-backup 1.1.5 - Updated scripts/backup.sh (details not specified). - No changes to documented usage or configuration. - SKILL.md unchanged except for this release record.
v1.1.4
- Internal improvements to scripts/lib.sh for reliability or maintainability. - No user-facing changes or modifications to documentation or behavior.
v1.1.3
synology-backup v1.1.3 - Minor update to scripts/lib.sh. - No changes to usage, configuration, or feature set. - Documentation remains unchanged except for possible small edits. - No impact on existing backups or compatibility.
v1.1.2
- Updated documentation to clarify configuration details and improve setup instructions. - Changed the example `telegramTarget` value from a hardcoded group ID to a placeholder (`-100xxxxxxxxxx`) for better security and clarity. - Fixed commands in the cron registration example to use `~` for home directory instead of absolute `/root/` paths. - Updated configuration table to refine default values and descriptions, especially for `telegramTarget`. - No changes to the skill logic or functionality; documentation only.
v1.1.1
- Updated the failure alert example to use placeholders for hostname and date instead of specific values. - Removed default Telegram alert target group reference from documentation. - No changes to functionality; documentation only.
v1.1.0
**Adds SSH/rsync transport, integrity verification, and failure alerting via Telegram.** - SSH/rsync can now be used as an alternative to SMB for backups. - New `verify.sh` script checks backup integrity with checksums and counts. - Backup failures automatically trigger a Telegram alert (configurable target). - Pre-restore safety snapshots are created before restoring, enabling quick undo. - Enhanced validation, security notes, and improved modular code via new `lib.sh`.
v1.0.4
Security hardening: added regex validation for share (alphanumeric/slashes only), mountPoint (absolute path only), and backupPaths (no command substitution, semicolons, pipes, backticks, or path traversal). Added boolean validation for includeSubAgentWorkspaces. Restore workspace names validated against strict pattern. All config inputs now validated before any shell command execution.
v1.0.3
Security fix: hardened all scripts against shell injection. All config-derived variables are now quoted, validated with regex allowlists (host, smbVersion, date format), and read via safe loops instead of command substitution expansion. Added path traversal protection in restore.
v1.0.2
Security hardening: removed curl-pipe-sh install pattern (link to official docs instead), made .env backup opt-in not default, replaced rm -rf prune with trash-then-clean pattern, added guidance for minimal NAS user permissions.
v1.0.1
Fix: removed example credential patterns that triggered security scanner. Credentials setup now uses editor instructions instead of inline examples.
v1.0.0
Initial release: backup, restore, status scripts. SMB over Tailscale. Config-driven with credentials file auth. 7-day retention with auto-prune.
Metadata
Slug synology-backup
Version 2.0.3
License MIT-0
All-time Installs 5
Active Installs 5
Total Versions 17
Frequently Asked Questions

What is Synology Backup?

Backup and restore OpenClaw workspace, configs, and agent data to a Synology NAS via SMB or SSH/rsync. Use when: backing up workspace files, restoring from a... It is an AI Agent Skill for Claude Code / OpenClaw, with 1086 downloads so far.

How do I install Synology Backup?

Run "/install synology-backup" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Synology Backup free?

Yes, Synology Backup is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Synology Backup support?

Synology Backup is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Synology Backup?

It is built and maintained by Paul Frederiksen (@pfrederiksen); the current version is v2.0.3.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments