← 返回 Skills 市场
Cloud Backup
作者
Evgeni Obuchowski
· GitHub ↗
· v1.1.5
1579
总下载
4
收藏
13
当前安装
7
版本数
在 OpenClaw 中安装
/install cloud-backup
功能描述
Back up and restore OpenClaw state. Creates local archives and uploads to S3-compatible cloud storage (AWS S3, Cloudflare R2, Backblaze B2, MinIO, DigitalOce...
使用说明 (SKILL.md)
OpenClaw Cloud Backup
Backs up OpenClaw state to a local archive and uploads it to cloud storage.
Follow the steps below. Inform the user about implicit defaults applied after execution.
Backup procedure (follow every step)
Step 1: Run the backup
bash "{baseDir}/scripts/cloud-backup.sh" backup full
Default mode is full. Use workspace, skills, or settings only when the user explicitly asks for a narrower backup scope.
Step 2: Check backup output for encryption warning
Look at the script output from Step 1. If it contains:
WARN: Encryption is disabled — backup archive will be stored in plaintext.
ask the user:
"Your backups are not encrypted. Archives contain config, credentials, and API keys in cleartext. Want to set a passphrase? (AES-256, just the passphrase needed to restore — no key files.)"
- If user provides a passphrase → write both via
gateway config.patchand tell the user what was saved:skills.entries.cloud-backup.config.encrypt = trueskills.entries.cloud-backup.env.GPG_PASSPHRASE = "\x3Cpassphrase>"Then re-run the backup so the archive is encrypted.
- If user says no / skip → continue to Step 3.
- If the warning is not present (encryption already enabled) → continue to Step 3.
Always execute this step and report the result. Backups may contain secrets — prompt every time encryption is off.
Step 3: Check script output for warnings
Look at the script output. If it contains WARN: Cloud storage is not configured, go to Step 4. Otherwise go to Step 5.
Step 4: Cloud not configured — ask user to set it up
Tell the user the backup was saved locally, then ask:
"Cloud storage isn't configured yet — backups are local only. Want to set up cloud upload? I support AWS S3, Cloudflare R2, Backblaze B2, MinIO, DigitalOcean Spaces, or any other S3-compatible service."
- If user says yes → go to Cloud setup section below, then re-run the backup.
- If user says no / local-only → set
config.upload=falseviagateway config.patchand confirm the change to the user. Done.
Always execute this step — offer cloud setup when it's missing and report what was configured.
Step 5: Report result and ensure scheduling
Report the backup paths from the script output to the user.
Then check if a daily cron job already exists for cloud-backup (cron action=list). If no cron job exists, create one with the default schedule and tell the user:
{
"schedule": { "kind": "cron", "expr": "0 2 * * *" },
"payload": { "kind": "agentTurn", "message": "Run cloud-backup: backup full" },
"sessionTarget": "isolated"
}
Default: daily at 2 AM. Use a different schedule if it was explicitly asked for one.
Tell the user: "Scheduled daily backup at 2 AM." (or whatever time was set).
This step should be executed by default unless user asked not to do it. Report about the result — cron job created or failed to be created.
Cloud setup
When the user agrees to configure cloud storage:
- Ask which provider: AWS S3, Cloudflare R2, Backblaze B2, MinIO, DigitalOcean Spaces, or other.
- Read the matching provider guide from
references/providers/— it has exact config keys, endpoint format, and credential steps. - Collect and write config via
gateway config.patch— bucket, credentials, endpoint (if non-AWS). - Run
statusto verify connectivity, then re-run backup.
Commands
bash "{baseDir}/scripts/cloud-backup.sh" \x3Ccommand>
| Command | What it does |
|---|---|
backup [full|workspace|skills|settings] |
Create archive + upload if configured. Default: full |
list |
Show local + remote backups |
restore \x3Cname> [--dry-run] [--yes] |
Restore from local or cloud. Always --dry-run first |
cleanup |
Prune old archives (local: capped at 7; cloud: count + age) |
status |
Show current config and dependency check |
Config reference
All in skills.entries.cloud-backup in OpenClaw config. Don't write defaults — the script handles them.
config.*
| Key | Default | Description |
|---|---|---|
bucket |
— | Storage bucket name (required for cloud) |
region |
us-east-1 |
Region hint |
endpoint |
(none) | S3-compatible endpoint (required for non-AWS) |
profile |
(none) | Named AWS CLI profile (alternative to keys) |
upload |
true |
Upload to cloud after backup |
encrypt |
false |
GPG-encrypt archives |
retentionCount |
10 |
Cloud: keep N backups. Local: capped at 7 |
retentionDays |
30 |
Cloud only: delete archives older than N days |
env.*
| Key | Description |
|---|---|
ACCESS_KEY_ID |
S3-compatible access key |
SECRET_ACCESS_KEY |
S3-compatible secret key |
SESSION_TOKEN |
Optional temporary token |
GPG_PASSPHRASE |
For automated encryption/decryption |
Provider guides
Read the relevant one only during setup:
references/providers/aws-s3.mdreferences/providers/cloudflare-r2.mdreferences/providers/backblaze-b2.mdreferences/providers/minio.mdreferences/providers/digitalocean-spaces.mdreferences/providers/other.md— any S3-compatible service
Security
See references/security.md for credential handling and troubleshooting.
安全使用建议
What to consider before installing:
- Functionality: This skill tars your OpenClaw state (~/.openclaw), so archives will include configuration, credentials, and any secrets stored there. That is the intended behavior for a backup tool.
- Credentials: The skill expects S3-compatible credentials (ACCESS_KEY_ID / SECRET_ACCESS_KEY) or a named AWS profile. The recommended flow is to create a bucket-scoped, least-privilege key pair. Prefer a named profile or short-lived credentials where possible instead of storing long-lived secrets in config.
- GPG passphrase: If you enable encryption, the SKILL.md suggests storing the GPG passphrase in the skill's config (env.GPG_PASSPHRASE) for non-interactive restores/cron. Storing passphrases in OpenClaw config is convenient but means the passphrase itself must be protected; consider using a secret manager or requiring interactive entry if you need stronger protection.
- Scheduling/autonomy: The skill can create a cron job that triggers the agent to run backups automatically. Allow this only if you trust the agent and the scheduling action; review the schedule and cron payload before accepting.
- Inspect the script: The full bash script is included in the package; review it if you want to verify details (files excluded, encryption flow, where files are written, exact S3 commands). It uses aws CLI (aws s3 cp/ls/rm), gpg for encryption, and standard tar/sha utilities.
- Protect the OpenClaw config: Ensure ~/.openclaw/openclaw.json is filesystem-permission restricted (the references/security.md already recommends 600). Rotate keys if they are ever exposed.
If those trade-offs are acceptable (i.e., you want automated backups of OpenClaw state and are prepared to manage credentials and encryption appropriately), the skill is coherent and reasonable to use.
功能分析
Type: OpenClaw Skill
Name: cloud-backup
Version: 1.1.5
The OpenClaw Cloud Backup skill is designed to perform backups and restores of the OpenClaw state, including sensitive configuration and credentials, to local storage and S3-compatible cloud services. While it handles highly sensitive data, creates persistence via cron jobs, and has broad file/network access, these capabilities are directly aligned with its stated purpose. The `SKILL.md` instructions guide the agent to configure itself and handle credentials, which is expected for such a skill. The `scripts/cloud-backup.sh` script includes security measures like path traversal checks (`tar_safe`), checksum verification, and careful argument handling for `aws` and `gpg` commands. There is no evidence of intentional harmful behavior, data exfiltration to unauthorized endpoints, or malicious prompt injection attempts beyond the skill's legitimate functionality.
能力评估
Purpose & Capability
Name/description match the implementation. Required binaries (bash, tar, jq, aws) and the included script are appropriate for creating compressed archives, optionally encrypting them with GPG, and uploading via AWS-compatible CLI. The skill only operates on the OpenClaw state directory (OPENCLAW_STATE / ~/.openclaw) and its own config entries.
Instruction Scope
SKILL.md limits runtime actions to: run the included script, prompt the user about encryption, collect cloud provider credentials, write config entries for this skill via gateway config.patch, and optionally create a scheduled cron job. The instructions do not ask to read unrelated system files or exfiltrate data to unexpected endpoints beyond the configured S3-compatible providers.
Install Mechanism
There is no install spec (instruction-only style), and the only code shipped is the bash script. The script is executed directly from the skill bundle (no external downloads or arbitrary installers), which is the lower-risk pattern for this kind of utility.
Credentials
The skill needs access to S3-compatible credentials and an optional GPG passphrase to function. These are requested via OpenClaw config entries (skills.entries.cloud-backup.env.*) or via named AWS profile. This is expected, but worth noting: storing ACCESS_KEY_ID / SECRET_ACCESS_KEY and GPG_PASSPHRASE in the OpenClaw config means secrets may be persisted in plain text unless the environment/host protects that file. The SKILL.md explicitly warns backups contain secrets and prompts the user to enable encryption—this is appropriate but the storage of the passphrase in config is a sensitive choice the user should consider.
Persistence & Privilege
The skill may create a scheduled cron job that triggers an agentTurn payload (i.e., autonomous invocations). This is coherent with the backup use-case (scheduling regular backups) and the SKILL.md says to ask the user before scheduling, but users should be aware that the cron payload will cause the agent to run the skill autonomously at the specified times.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install cloud-backup - 安装完成后,直接呼叫该 Skill 的名称或使用
/cloud-backup触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.5
- Updated documentation for Backblaze B2 in `references/providers/backblaze-b2.md`.
- No functional or behavioral changes to the skill logic.
v1.1.4
- Removed redundant README.md file for improved maintainability.
- Updated Backblaze B2 provider documentation.
- Made minor adjustments to backup script and provider references.
v1.0.1
- Removed top-level README.md file.
- Updated Backblaze B2 provider reference (references/providers/backblaze-b2.md).
- Modified backup script (scripts/cloud-backup.sh).
v1.1.3
- Improved clarity of user prompts and required confirmations throughout backup and cloud setup steps.
- Now always informs the user about implicit defaults and config changes after each action.
- Prompts and action reporting for encryption and cloud storage are now always performed when needed.
- Ensures creation of a daily cron job is reported to the user, including when the schedule is changed or setup fails.
- Expanded provider support wording in both description and prompts to include any S3-compatible service.
v1.1.2
cloud-backup 1.1.2
- unblock VirusTotal
v1.1.1
- Clarified and reinforced step-by-step reporting: now explicitly instructs to inform users about implicit defaults and changes after execution.
- Enforced explicit user notification after any config change (encryption, upload, cron scheduling).
- Expanded cloud provider support messaging to include "any other S3-compatible service" for broader compatibility.
- Updated procedures to always follow (no steps skipped by default) and to report outcomes, including failure or configuration status.
- README.md file removed; documentation is now consolidated within SKILL.md.
v1.1.0
- Added detailed procedures for backup, encryption prompts, and cloud storage setup.
- Now supports backup to multiple S3-compatible providers: AWS S3, Cloudflare R2, Backblaze B2, MinIO, DigitalOcean Spaces.
- Automatically prompts to enable encryption if backups are not encrypted.
- Prompts user to configure cloud storage if not already set, with step-by-step provider-specific guidance.
- Ensures every backup is scheduled via a cron job; creates a daily 2 AM schedule if missing.
- Provides new config and command reference sections for clarity.
元数据
常见问题
Cloud Backup 是什么?
Back up and restore OpenClaw state. Creates local archives and uploads to S3-compatible cloud storage (AWS S3, Cloudflare R2, Backblaze B2, MinIO, DigitalOce... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1579 次。
如何安装 Cloud Backup?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install cloud-backup」即可一键安装,无需额外配置。
Cloud Backup 是免费的吗?
是的,Cloud Backup 完全免费(开源免费),可自由下载、安装和使用。
Cloud Backup 支持哪些平台?
Cloud Backup 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Cloud Backup?
由 Evgeni Obuchowski(@obuchowski)开发并维护,当前版本 v1.1.5。
推荐 Skills