← 返回 Skills 市场
375
总下载
1
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install self-backup
功能描述
Backup OpenClaw workspace files like AGENTS.md, SOUL.md, scripts/, and configs to a GitHub repo, with token sanitization and version control.
安全使用建议
This skill appears to do what it says, but before using it: 1) Review the three scripts (setup.sh, backup.sh, sanitize-config.sh) yourself to confirm they match your expectations. 2) Be aware the scripts will read files under ~/.openclaw (AGENTS.md, SOUL.md, MEMORY.md, openclaw.json, scripts/, skills/), so sensitive content could be copied to the remote repo. 3) Ensure you have git, jq, and (optionally) gh installed — the metadata didn't declare these but the scripts require them; without jq sanitization is skipped. 4) Use a private repository you control and test with --dry-run first. Inspect the sanitized openclaw.json output to verify redaction is sufficient for your config (the sanitizer targets specific keys and may miss nonstandard tokens). 5) Avoid running as an elevated user; consider running the backup once manually in a safe environment or container before trusting automated/autonomous runs. 6) If you do not trust the skill or want stricter guarantees, copy files manually into a safe location and audit them before pushing to any remote.
功能分析
Type: OpenClaw Skill
Name: self-backup
Version: 1.0.0
The 'self-backup' skill is designed to back up OpenClaw workspace configuration, scripts, and memory logs to a user-specified GitHub repository. It includes a proactive security measure in `scripts/sanitize-config.sh` that uses `jq` to redact sensitive API tokens (Telegram, Discord, etc.) from `openclaw.json` before pushing to the remote repository. The scripts (`backup.sh`, `setup.sh`) are transparent, follow the stated purpose, and do not contain any hidden exfiltration or malicious execution logic.
能力评估
Purpose & Capability
The skill's name/description match what the scripts do: copy ~/.openclaw workspace files, sanitize, and push to a GitHub repo. However, the registry metadata claims no required binaries or env vars while the scripts clearly expect git, jq (for sanitization), and optionally the GitHub CLI (gh). That mismatch between declared requirements and actual runtime needs is a configuration/information gap that could surprise users.
Instruction Scope
SKILL.md and the scripts explicitly instruct the agent/user to read files under ~/.openclaw (AGENTS.md, SOUL.md, openclaw.json, scripts, memory, skills metadata) and to clone/push to a remote GitHub repository. Reading these local files is required for the stated backup purpose, but it does mean the skill will access potentially sensitive files (memory, identity, skill metadata). The scripts copy SKILL.md files from local skills (metadata-only), which could disclose local skill information.
Install Mechanism
There is no install spec (instruction-only) and the skill ships scripts that will run on-demand; nothing is downloaded from arbitrary URLs. This lowers code-install risk. Still, the scripts assume external tools (git, jq, gh) that must be present or installed per SKILL.md.
Credentials
The skill declares no required environment variables or primary credential, yet it expects the user to authenticate to GitHub (gh auth login) or otherwise provide git credentials to push backups. The omission of these expectations from metadata is misleading. Also, although sanitize-config.sh redacts some known token fields in openclaw.json, sanitization targets a limited set of keys and will skip sanitization if jq is missing — so secrets could still be pushed if users don't review outputs or lack jq.
Persistence & Privilege
The skill is not force-enabled (always: false) and does not request persistent elevated privileges. It can be invoked autonomously (platform default), which increases blast radius if you allow autonomous execution, but this is normal for skills and not a standalone red flag here.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install self-backup - 安装完成后,直接呼叫该 Skill 的名称或使用
/self-backup触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial release of the self-backup skill for OpenClaw.
- Backs up key workspace files (configurations, scripts, skill metadata) to a configurable private GitHub repository.
- Includes automatic sanitization of sensitive tokens for security.
- Provides easy setup, restore, and manual/automated backup options.
- Supports customizable repository structure and backup content via configuration.
- Documentation covers setup, usage, restore process, and troubleshooting tips.
元数据
常见问题
self-backup 是什么?
Backup OpenClaw workspace files like AGENTS.md, SOUL.md, scripts/, and configs to a GitHub repo, with token sanitization and version control. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 375 次。
如何安装 self-backup?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install self-backup」即可一键安装,无需额外配置。
self-backup 是免费的吗?
是的,self-backup 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
self-backup 支持哪些平台?
self-backup 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 self-backup?
由 Yue Ma(@mayueanyou)开发并维护,当前版本 v1.0.0。
推荐 Skills