← 返回 Skills 市场

雷神之影 Mjolnir Shadow

Name: 雷神之影 Mjolnir Shadow
Author: king6381

作者 king6381 · GitHub ↗ · v2.0.0 · MIT-0

cross-platform ✓ 安全检测通过

148

总下载

当前安装

版本数

在 OpenClaw 中安装

/install mjolnir-shadow

功能描述

Mjolnir Shadow (雷神之影) — Automated rotating backup system for OpenClaw workspaces. Creates GPG-encrypted, rotating backups of workspace files, configs, and da...

使用说明 (SKILL.md)

Mjolnir Shadow (雷神之影) 🌑

Automated rotating backup for OpenClaw workspaces with GPG-encrypted credential storage.

自动轮转备份系统，支持 GPG 加密凭证。

Requirements / 依赖

bash + curl — most Linux/macOS systems
Python 3.6+ — for setup wizard
GPG (gnupg) — for credential encryption (recommended)
WebDAV server — Nextcloud, ownCloud, Synology, etc.
Env var (optional): MJOLNIR_SHADOW_PASS — GPG passphrase for non-interactive cron runs

Quick Start / 快速开始

# 1. Interactive setup (creates encrypted config)
# 1. 交互式配置（创建加密配置）
python3 scripts/setup_backup.py

# 2. Run backup
# 2. 运行备份
bash scripts/backup.sh

# 3. Check status
# 3. 检查状态
cat memory/backup-state.json

How It Works / 工作原理

Decrypt config via GPG (or read plaintext fallback) / GPG 解密配置
Collect workspace, configs, strategies, skills into archives / 打包文件
Upload to WebDAV via --netrc-file (credentials never in process listings) / 上传到 WebDAV
Rotate — keep N newest, delete oldest (FIFO) / 轮转：保留最新 N 个
Clean up — all temp files removed on exit / 退出时清理临时文件

Security / 安全

GPG AES-256 encrypted credential storage / 凭证加密存储
--netrc-file for all curl calls (backup + restore) — no -u user:pass / 所有 curl 调用使用 netrc
HTTPS warning if WebDAV URL is not HTTPS / 非 HTTPS 警告
Channel auth excluded by default (configurable) / 默认排除通道认证 token
Temp cleanup via trap EXIT — netrc + archives removed even on failure / 异常退出也清理
Secret exclusion — .gpg, .key, .secret, .env always excluded / 始终排除密钥文件

What Gets Backed Up / 备份内容

Component / 组件	Includes / 包含	Excludes / 排除
Workspace	Memory, docs, scripts	.git, node_modules, venv, .env, secrets/*.gpg
Config	openclaw.json, cron/	Channel auth (default), .gpg, .secret
Strategies	Strategy files, monitors	venv, pycache
Skills	Installed skill packages	node_modules, venv, *.gpg

Cron / 定时备份

Setup wizard prints the cron command (does not auto-create). Add manually:

配置向导打印 cron 命令（不会自动创建）。手动添加：

# Every 3 days at 03:00 / 每 3 天凌晨 3 点
openclaw cron add --name "🌑 Mjolnir Shadow" \
  --schedule "0 3 */3 * *" --tz "Asia/Shanghai" \
  --isolated --timeout 300 \
  --message "bash /path/to/scripts/backup.sh"

Non-interactive GPG decryption / 非交互式 GPG 解密

For unattended cron runs, use gpg-agent (recommended) or set MJOLNIR_SHADOW_PASS via a secure secret store — do NOT put plaintext passphrases in cron commands or world-readable files.

非交互运行时，推荐使用 gpg-agent，或通过 安全的密钥存储 设置 MJOLNIR_SHADOW_PASS — 不要在 cron 命令或明文文件中写入密码。

# Recommended: use gpg-agent (pre-cache passphrase)
# 推荐：使用 gpg-agent（预缓存密码）
gpg-connect-agent /bye  # ensure agent is running

# Alternative: read from encrypted credential store
# 备选：从加密凭证存储读取
# export MJOLNIR_SHADOW_PASS="$(your-secret-manager get mjolnir-shadow-pass)"

Restore / 恢复

🚀 一键恢复（推荐新手）

# 方式1: 全自动模式 — 带进度条，一键搞定
bash scripts/restore.sh --auto

# 方式2: 独立恢复引导 — 不依赖 OpenClaw，全新系统也能用
bash scripts/restore-kit.sh

--auto 模式会自动完成：解密配置 → 查找最新备份 → 下载 → 解压 → 恢复全部组件 → 重启 OpenClaw。全程进度条显示，小白友好。

restore-kit.sh 是完全独立的脚本，不依赖任何已安装技能。适用于：

全新系统重装后恢复
OpenClaw 还没装的时候
从另一台机器 SCP 过来直接运行

# 从另一台机器拷贝过来运行
scp kaixin:/path/to/restore-kit.sh . && bash restore-kit.sh

手动模式（高级用户）

bash scripts/restore.sh --list       # List backups / 列出备份
bash scripts/restore.sh --latest     # Restore latest (manual) / 恢复最新（手动确认）
bash scripts/restore.sh --file NAME  # Restore specific / 恢复指定

手动模式先解压到临时目录，你可以检查后再决定覆盖哪些组件。

Configuration Reference / 配置参考

See references/config-reference.md for all options. / 详见配置参考文档。

安全使用建议

This skill is coherent with its stated purpose, but take these precautions before installing or running it: 1) Only point backups to a WebDAV server you control and prefer HTTPS (the scripts warn on non-HTTPS but allow it). 2) Protect the GPG passphrase: use gpg-agent or a secure secret store; do not place MJOLNIR_SHADOW_PASS in plaintext cron lines or world-readable files. 3) Review the configuration (config/backup-config.json.gpg once decrypted) to confirm which paths will be backed up — installed skills and workspace files are included by default and may contain unexpected secrets. 4) The restore-kit can install system packages and Node/OpenClaw (may use sudo); run it only on machines you trust and after reading the script. 5) Verify the upstream source and author (GitHub repo link provided) before trusting automated restore actions. 6) If you need stricter control, run backup/restore manually or run in an isolated environment and consider disabling autonomous skill invocation if you don't want the agent to call it without supervision.

能力评估

✓ Purpose & Capability

Name/description promise (rotating, GPG-encrypted backups of OpenClaw workspace to WebDAV) aligns with the scripts and SKILL.md: setup wizard, backup.sh, restore.sh and restore-kit.sh implement the described functionality and request only WebDAV credentials and optional GPG passphrase. No unrelated credentials or services are required.

ℹ Instruction Scope

Runtime instructions and scripts operate on the OpenClaw workspace and config (including installed skills) and upload archives to a WebDAV target — this is expected for a backup tool. The scripts attempt to exclude common sensitive files (*.gpg, .env, channel tokens) but they still pack entire workspace and skill directories; if secrets exist in unusual paths they could be included. The restore-kit also auto-installs system dependencies and OpenClaw when run on a bare machine (explicit in SKILL.md).

✓ Install Mechanism

There is no formal install spec; the package is instruction + script based. The restore-kit may download system packages and Node.js from NodeSource/nodejs.org and uses apt/brew/npm as needed — these are common sources and consistent with a full restore workflow. The scripts do perform network downloads and may request sudo for system installs during restore (documented).

✓ Credentials

No forced environment variables or external credentials are declared beyond the optional MJOLNIR_SHADOW_PASS. The skill legitimately needs WebDAV credentials (stored in a local encrypted config) and optional GPG passphrase for non-interactive runs — these are proportionate to the backup/restore purpose.

✓ Persistence & Privilege

The skill is not force-included (always: false) and uses normal agent invocation. It does not attempt to modify other skills' configs beyond restoring files into the OpenClaw workspace (expected for a restore). The restore-kit can install system software (apt/npm/brew, write to /usr/local) which requires elevated privileges — this is normal for a bare‑metal restore but worth noting.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install mjolnir-shadow
安装完成后，直接呼叫该 Skill 的名称或使用 /mjolnir-shadow 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v2.0.0

v2.0: 三平台全覆盖 (Win11/macOS/Ubuntu), restore-kit 裸机一键恢复

v1.2.3

Fix metadata format (clawdbot JSON), remove plaintext passphrase from cron examples, recommend gpg-agent/secret store

v1.2.2

Fix metadata: declare required binaries (bash/curl/python3/gpg), add homepage URL, declare optional env var MJOLNIR_SHADOW_PASS. Resolves ClawdHub security scan findings.

v1.2.1

🔒 Fix last curl -u in setup connection test, now zero instances of credential exposure in process listings

v1.2.0

🔒 Fix all security scan findings: restore.sh netrc auth, declared requirements (bash/curl/Python3/gpg/MJOLNIR_SHADOW_PASS), consistent credential handling, bilingual docs

v1.1.0

🔒 Security hardening: GPG encrypted credentials, netrc auth, HTTPS check, channel auth exclusion, bilingual docs

v1.0.0

🌑 Initial release - Automated rotating backup system for OpenClaw workspaces

元数据

Slug mjolnir-shadow

版本 2.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 7

常见问题