← 返回 Skills 市场

Backup Recovery Toolkit

Name: Backup Recovery Toolkit
Author: kaiyuelv

作者 Lv Lancer · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

总下载

当前安装

版本数

在 OpenClaw 中安装

/install backup-recovery-toolkit

功能描述

企业级备份恢复工具包，支持文件备份、数据库备份、增量备份、定时任务和灾难恢复。 Enterprise-grade backup and recovery toolkit supporting file backup, database backup, incremental backup, scheduled t...

使用说明 (SKILL.md)

Backup Recovery Toolkit | 备份恢复工具包

一套完整的数据备份与灾难恢复解决方案，保护您的重要数据安全。

A comprehensive data backup and disaster recovery solution to protect your critical data.

核心功能 | Core Features

📦 文件备份 | File Backup - 本地和远程文件备份
🗄️ 数据库备份 | Database Backup - MySQL/PostgreSQL/MongoDB备份
📈 增量备份 | Incremental Backup - 只备份变更部分，节省空间
⏰ 定时任务 | Scheduled Tasks - Cron式备份计划
🔄 版本管理 | Version Management - 保留多版本，支持回滚
🚨 灾难恢复 | Disaster Recovery - 快速恢复数据到任意时间点

快速开始 | Quick Start

命令行使用 | CLI Usage

# 备份目录 | Backup directory
python scripts/backup_toolkit.py backup --source /data --dest /backup --name "daily-backup"

# 增量备份 | Incremental backup
python scripts/backup_toolkit.py incremental --source /data --dest /backup --last-backup /backup/previous

# 恢复数据 | Restore data
python scripts/backup_toolkit.py restore --backup /backup/daily-backup --dest /data

Python API

from backup_recovery_toolkit import FileBackup, DatabaseBackup

# 文件备份 | File backup
backup = FileBackup(source="/data", destination="/backup")
backup.run(name="daily-backup")

# 数据库备份 | Database backup
db_backup = DatabaseBackup(
    db_type="mysql",
    host="localhost",
    user="root",
    password="secret",
    database="mydb"
)
db_backup.run()

测试 | Tests

python -m pytest tests/ -v

安全使用建议

This package largely behaves like a normal backup toolkit, but review and precautions are recommended before installing or running it: - Verify presence of system binaries: the code calls mysqldump, pg_dump and mongodump via subprocess but the skill metadata does not declare these required binaries. Ensure these tools exist on any host where you run this. - Inspect the full scripts/backup_toolkit.py (the provided listing was truncated) to confirm there are no hidden network endpoints or unexpected data exfiltration paths (especially code that would use paramiko/cryptography to send backups remotely). - Avoid passing DB passwords on the command line or hard-coding them. The current examples & implementation may expose credentials via process lists; prefer using secured credential stores or connection files. - Run the code first in a disposable, limited-permission environment (container or VM) with test data to confirm behavior and that only intended files are read and written. - If you need remote backup features, confirm how SSH keys/credentials are handled; do not supply high-privilege keys without auditing the remote-transfer implementation. Because the repository lacks an install spec and does not declare required system binaries, treat the package as potentially incomplete and verify these gaps before trusting it with production data.

功能分析

Type: OpenClaw Skill Name: backup-recovery-toolkit Version: 1.0.0 The toolkit contains a potential path traversal vulnerability (TarSlip) in scripts/backup_toolkit.py within the RestoreManager.restore_file_backup method, which uses tarfile.extractall() without validating member paths. Additionally, the DatabaseBackup class handles sensitive credentials insecurely by passing them as command-line arguments (MySQL/MongoDB) or environment variables (PostgreSQL), exposing them to process monitoring. While these are significant security flaws, they appear to be unintentional vulnerabilities rather than intentional malicious behavior.

能力评估

⚠ Purpose & Capability

The code implements file, incremental and database backups and references external tools (mysqldump, pg_dump, mongodump) via subprocess calls, and requirements.txt includes SSH/crypto libraries for remote backups—these are coherent with a backup tool. However, the skill metadata declares no required binaries even though the code expects system binaries for DB dumps. Also the registry notes 'No install spec' even though the bundle contains code and a requirements.txt (so nothing will be automatically installed). The missing declaration of required system binaries and the lack of source/homepage reduce transparency.

ℹ Instruction Scope

SKILL.md shows CLI and Python API usage that expects users to provide file paths and DB credentials. The instructions don't ask for unrelated system data. However examples and README show passing DB passwords in code/CLI; the code uses subprocess to run native DB clients which will execute external binaries and can expose credentials via process arguments. The provided scripts run filesystem operations (expected for backups).

ℹ Install Mechanism

There is no automated install spec; the README and requirements.txt instruct pip install -r requirements.txt. That's lower-risk than an arbitrary binary download, but because installation is manual the user must run pip themselves. No archive downloads or extract steps were used. The absence of an install step means dependencies and system binaries must be present on the host for the tool to work.

⚠ Credentials

The skill does not declare required environment variables or credentials, which aligns with examples that pass DB credentials as function args. But DatabaseBackup constructs subprocess commands that embed passwords (e.g. '-p{password}' for mysqldump) and sets PGPASSWORD for pg_dump; both approaches risk credential exposure (process listing, shell history). No unrelated secrets are requested, but credential-handling practices are potentially insecure and should be reviewed.

✓ Persistence & Privilege

The skill is not force-included (always:false) and is user-invocable. It does not request to modify other skills or system-wide agent settings. Autonomous invocation is allowed by platform default but does not combine here with always:true or broad undisclosed credential access.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install backup-recovery-toolkit
安装完成后，直接呼叫该 Skill 的名称或使用 /backup-recovery-toolkit 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release of backup-recovery-toolkit: - Supports file and database backups (MySQL, PostgreSQL, MongoDB) - Enables incremental backups for efficient storage use - Offers scheduled backup tasks with cron-style scheduling - Includes version management and rollback capabilities - Provides disaster recovery for quick data restoration

元数据

Slug backup-recovery-toolkit

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题