← Back to Skills Marketplace
112
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install molt-backup
Description
Snapshot and back up OpenClaw brain files (AGENTS.md, SOUL.md, MEMORY.md, memory/, etc.) to an offsite git repository — like a lobster shedding its shell, le...
Usage Guidance
This skill appears to do what it says (copy brain files to a git repo) but there are a few things to check before installing/using it:
- The registry metadata claims no required binaries/env, but the scripts require git and rsync and prefer python3; ensure those are available.
- You must provide a remote git repository you control and have working push credentials (SSH keys or an HTTPS token configured). Do not provide credentials to unknown repos.
- The primary redaction method uses your OpenClaw CLI (recommended). If the CLI is unavailable, the fallback reads openclaw.json and redacts keys by name with a regex — that can miss secrets. Verify config-redacted.json contents before pushing to your remote.
- Run a dry-run first (scripts/molt.sh --dry-run) and review the generated files in the local backup dir (~/.openclaw/molt by default) before pushing.
- Inspect the included scripts yourself (they are small and readable). If you plan to schedule automatic backups, ensure cron jobs run under an account with appropriate (limited) access and monitor the destination repo for unexpected content.
If the author updated the package metadata to declare git/rsync/python3 and to document the redaction fallback risk, my assessment would be higher confidence and less suspicious.
Capability Analysis
Type: OpenClaw Skill
Name: molt-backup
Version: 1.0.1
The 'molt-backup' skill is designed to snapshot and exfiltrate the entire OpenClaw 'brain' (identity, memory, and configuration) to a remote Git repository. While its stated purpose is for user-initiated backups and it includes redaction logic in 'export-config.py' to strip secrets, the process involves high-risk behaviors such as broad file system access, execution of shell scripts ('molt.sh'), and data transmission to external endpoints. The redaction mechanism is best-effort and could potentially leak sensitive information if keys do not match the predefined regex, making the tool a powerful capability that could be abused if the destination repository is misconfigured or compromised.
Capability Assessment
Purpose & Capability
The skill claims to be a simple backup to a remote git repo and the included scripts implement that. However the registry metadata lists no required binaries or env vars while the SKILL.md and scripts clearly require git, rsync and (optionally) python3, and rely on git authentication (SSH or HTTPS tokens). That mismatch between declared requirements and actual needs is an inconsistency the user should be aware of.
Instruction Scope
At runtime the scripts copy OpenClaw files (AGENTS.md, SOUL.md, MEMORY.md, memory/), export cron jobs via `openclaw cron list`, and attempt to export config using `openclaw config get` (falling back to reading openclaw.json). These actions are within the stated backup purpose. A noteworthy behavior: the authoritative redaction path uses the OpenClaw CLI, but the fallback uses a regex-based key-name redaction which can miss secrets — that is a privacy risk rather than unexplained scope creep.
Install Mechanism
There is no install spec — the skill is instruction-plus-scripts only. All code is present in the package (no remote downloads). This is low-install risk.
Credentials
Metadata lists no required env/primary credential, but the workflow requires a remote git repo and working git auth (SSH keys or HTTPS token). The tool also reads the workspace and (optionally) openclaw.json and uses the OpenClaw CLI if available. Asking for a repo URL and using the user's existing git credentials is proportionate to the task, but the package should declare this explicitly. The fallback file-redaction approach increases risk of accidental secret inclusion.
Persistence & Privilege
The skill is not always-enabled and does not request elevated agent privileges. It runs as a user-invoked script; nothing indicates it will persist beyond the chosen backup dir or modify other skills/configs.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install molt-backup - After installation, invoke the skill by name or use
/molt-backup - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
Add Security Model section; set display name to Molt
v1.0.0
molt-backup 1.0.0 — Initial Release
- Introduces the `molt-backup` skill to snapshot and back up OpenClaw brain files to an offsite git repository.
- Supports backing up core brain files (e.g., AGENTS.md, SOUL.md, MEMORY.md, and the memory/ directory), cron job exports, and redacted OpenClaw config.
- Requires only git and rsync; no additional dependencies or OpenClaw-specific tools needed.
- Includes clear setup and configuration instructions for first-time and recurring use.
- Allows scheduling automated backups via cron or the OpenClaw assistant.
Metadata
Frequently Asked Questions
What is Molt?
Snapshot and back up OpenClaw brain files (AGENTS.md, SOUL.md, MEMORY.md, memory/, etc.) to an offsite git repository — like a lobster shedding its shell, le... It is an AI Agent Skill for Claude Code / OpenClaw, with 112 downloads so far.
How do I install Molt?
Run "/install molt-backup" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Molt free?
Yes, Molt is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Molt support?
Molt is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Molt?
It is built and maintained by Marv (@robin-marv); the current version is v1.0.1.
More Skills