← 返回 Skills 市场
112
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install molt-backup
功能描述
Snapshot and back up OpenClaw brain files (AGENTS.md, SOUL.md, MEMORY.md, memory/, etc.) to an offsite git repository — like a lobster shedding its shell, le...
安全使用建议
This skill appears to do what it says (copy brain files to a git repo) but there are a few things to check before installing/using it:
- The registry metadata claims no required binaries/env, but the scripts require git and rsync and prefer python3; ensure those are available.
- You must provide a remote git repository you control and have working push credentials (SSH keys or an HTTPS token configured). Do not provide credentials to unknown repos.
- The primary redaction method uses your OpenClaw CLI (recommended). If the CLI is unavailable, the fallback reads openclaw.json and redacts keys by name with a regex — that can miss secrets. Verify config-redacted.json contents before pushing to your remote.
- Run a dry-run first (scripts/molt.sh --dry-run) and review the generated files in the local backup dir (~/.openclaw/molt by default) before pushing.
- Inspect the included scripts yourself (they are small and readable). If you plan to schedule automatic backups, ensure cron jobs run under an account with appropriate (limited) access and monitor the destination repo for unexpected content.
If the author updated the package metadata to declare git/rsync/python3 and to document the redaction fallback risk, my assessment would be higher confidence and less suspicious.
功能分析
Type: OpenClaw Skill
Name: molt-backup
Version: 1.0.1
The 'molt-backup' skill is designed to snapshot and exfiltrate the entire OpenClaw 'brain' (identity, memory, and configuration) to a remote Git repository. While its stated purpose is for user-initiated backups and it includes redaction logic in 'export-config.py' to strip secrets, the process involves high-risk behaviors such as broad file system access, execution of shell scripts ('molt.sh'), and data transmission to external endpoints. The redaction mechanism is best-effort and could potentially leak sensitive information if keys do not match the predefined regex, making the tool a powerful capability that could be abused if the destination repository is misconfigured or compromised.
能力评估
Purpose & Capability
The skill claims to be a simple backup to a remote git repo and the included scripts implement that. However the registry metadata lists no required binaries or env vars while the SKILL.md and scripts clearly require git, rsync and (optionally) python3, and rely on git authentication (SSH or HTTPS tokens). That mismatch between declared requirements and actual needs is an inconsistency the user should be aware of.
Instruction Scope
At runtime the scripts copy OpenClaw files (AGENTS.md, SOUL.md, MEMORY.md, memory/), export cron jobs via `openclaw cron list`, and attempt to export config using `openclaw config get` (falling back to reading openclaw.json). These actions are within the stated backup purpose. A noteworthy behavior: the authoritative redaction path uses the OpenClaw CLI, but the fallback uses a regex-based key-name redaction which can miss secrets — that is a privacy risk rather than unexplained scope creep.
Install Mechanism
There is no install spec — the skill is instruction-plus-scripts only. All code is present in the package (no remote downloads). This is low-install risk.
Credentials
Metadata lists no required env/primary credential, but the workflow requires a remote git repo and working git auth (SSH keys or HTTPS token). The tool also reads the workspace and (optionally) openclaw.json and uses the OpenClaw CLI if available. Asking for a repo URL and using the user's existing git credentials is proportionate to the task, but the package should declare this explicitly. The fallback file-redaction approach increases risk of accidental secret inclusion.
Persistence & Privilege
The skill is not always-enabled and does not request elevated agent privileges. It runs as a user-invoked script; nothing indicates it will persist beyond the chosen backup dir or modify other skills/configs.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install molt-backup - 安装完成后,直接呼叫该 Skill 的名称或使用
/molt-backup触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
Add Security Model section; set display name to Molt
v1.0.0
molt-backup 1.0.0 — Initial Release
- Introduces the `molt-backup` skill to snapshot and back up OpenClaw brain files to an offsite git repository.
- Supports backing up core brain files (e.g., AGENTS.md, SOUL.md, MEMORY.md, and the memory/ directory), cron job exports, and redacted OpenClaw config.
- Requires only git and rsync; no additional dependencies or OpenClaw-specific tools needed.
- Includes clear setup and configuration instructions for first-time and recurring use.
- Allows scheduling automated backups via cron or the OpenClaw assistant.
元数据
常见问题
Molt 是什么?
Snapshot and back up OpenClaw brain files (AGENTS.md, SOUL.md, MEMORY.md, memory/, etc.) to an offsite git repository — like a lobster shedding its shell, le... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 112 次。
如何安装 Molt?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install molt-backup」即可一键安装,无需额外配置。
Molt 是免费的吗?
是的,Molt 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Molt 支持哪些平台?
Molt 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Molt?
由 Marv(@robin-marv)开发并维护,当前版本 v1.0.1。
推荐 Skills