← 返回 Skills 市场
831
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install restic-home-backup
功能描述
Design, implement, and operate encrypted restic backups for Linux home directories with systemd automation, retention policies, and restore validation. Use w...
安全使用建议
This skill appears to do what it says, but review and run it safely: 1) Read scripts/bootstrap_restic_home.sh yourself before running. 2) Run it in PLAN-ONLY mode first (no --apply) to inspect the proposed changes. 3) Ensure restic is installed and reachable at /usr/bin/restic (adjust script if restic is elsewhere). 4) Be prepared that the script will create /etc/restic-home.env and a password file at /etc/restic-home/password (chmod 600) — if you prefer an existing password file or secret manager, supply that path via --password-file. 5) Only run with --apply and enable timers when you accept the systemd/unit changes and understand where your repository (S3/SFTP/local) stores data and credentials. 6) If you need this on non-standard home paths (e.g., root), verify the script handles that or modify accordingly.
功能分析
Type: OpenClaw Skill
Name: restic-home-backup
Version: 1.0.2
The skill bundle is classified as suspicious due to several critical shell injection and path traversal vulnerabilities in `scripts/bootstrap_restic_home.sh`. User-provided inputs for `--repo`, `--password-file`, `--user`, and `--timezone` are not adequately sanitized before being written into configuration files or used in commands. This could allow a malicious actor to achieve arbitrary command execution (e.g., via crafted `--repo` value), manipulate arbitrary files (via `--password-file`), or alter the backup scope (via `--user`). While the `SKILL.md` defines good safety boundaries and the script implements an `--apply` mechanism, these vulnerabilities represent significant risks without clear evidence of intentional malicious design.
能力评估
Purpose & Capability
Name, description, SKILL.md workflow, ops checklist, and the bootstrap script all align: they implement restic-backed home-directory backups, systemd timers, retention/prune, and validation. The included script performs exactly the described tasks and enforces a plan-only default.
Instruction Scope
Instructions explicitly require user confirmation (or --apply) before writing to /etc, /usr/local/bin, or systemd, and the script enforces plan-only by default. The script does create credential and unit files, source /etc/restic-home.env, and may generate a password file under /etc/restic-home/password; these actions are expected for the stated purpose. Small caveat: SKILL.md promises 'Never print secrets' — the script prints the path to the generated password file but not the password itself, which matches the promise. Overall scope is appropriate.
Install Mechanism
This is an instruction-only skill with one included helper script; there is no automated installer or downloaded code from external URLs. Risk from install mechanism is low.
Credentials
The skill requests no environment variables or credentials in metadata, and it doesn't transmit secrets externally. The bootstrap generates and stores a password file and an /etc/restic-home.env file (both with chmod 600), which is appropriate. Minor mismatch: metadata does not list required binaries (restic, and optionally openssl), though the script checks for restic and uses openssl if available.
Persistence & Privilege
The script writes system files and creates/enables timers only when run with --apply; the skill is not always-enabled and does not request privileged persistent presence in the agent. This level of system access is expected and described in the SKILL.md.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install restic-home-backup - 安装完成后,直接呼叫该 Skill 的名称或使用
/restic-home-backup触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
Hardening: default plan-only mode, explicit --apply for system writes, and opt-in flags for timers/init/initial run.
v1.0.1
Security hardening: bootstrap is now plan-only by default with explicit --apply required; systemd enable/init/first backup are opt-in flags.
v1.0.0
Initial release: automated restic home backup bootstrap with random password generation, timers, and ops checklist.
元数据
常见问题
Restic Home Backup 是什么?
Design, implement, and operate encrypted restic backups for Linux home directories with systemd automation, retention policies, and restore validation. Use w... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 831 次。
如何安装 Restic Home Backup?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install restic-home-backup」即可一键安装,无需额外配置。
Restic Home Backup 是免费的吗?
是的,Restic Home Backup 完全免费(开源免费),可自由下载、安装和使用。
Restic Home Backup 支持哪些平台?
Restic Home Backup 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Restic Home Backup?
由 Moep90(@moep90)开发并维护,当前版本 v1.0.2。
推荐 Skills