← 返回 Skills 市场
Synology Backup
作者
Paul Frederiksen
· GitHub ↗
· v2.0.3
· MIT-0
1086
总下载
2
收藏
5
当前安装
17
版本数
在 OpenClaw 中安装
/install synology-backup
功能描述
Backup and restore OpenClaw workspace, configs, and agent data to a Synology NAS via SMB or SSH/rsync. Use when: backing up workspace files, restoring from a...
安全使用建议
This skill appears to be what it claims: a Synology NAS backup/restore utility implemented with readable shell scripts and JSON config. Before installing, consider the following: 1) Prefer SSH transport with key-based auth (no SMB password file) and use Tailscale if you need remote connectivity. 2) Do not add sensitive files (like .env or API keys) to backupPaths unless you understand the risk and the NAS share is tightly access-controlled and encrypted. 3) The scripts expect a credentials file (~/.openclaw/.smb-credentials) for SMB or SSH keys in ~/.ssh for SSH — ensure those files are created securely (chmod 600) and managed by you. 4) The bundle optionally supports Telegram notifications; if you enable them you will need to supply a bot/token out of band — the skill metadata does not declare a Telegram credential variable. 5) Mounting CIFS may require root privileges; test the scripts with --dry-run and in a safe environment before scheduling them in production. 6) If you want extra assurance, inspect the send_telegram implementation in lib.sh (it is referenced by the scripts) and test the dry-run path to confirm behavior matches your expectations.
功能分析
Type: OpenClaw Skill
Name: synology-backup
Version: 2.0.3
The synology-backup skill is a well-structured utility for backing up OpenClaw data to a Synology NAS via SMB or SSH. The scripts (backup.sh, restore.sh, verify.sh) include robust security practices, such as comprehensive input validation in lib.sh to prevent shell injection, path allowlisting during restoration to prevent arbitrary file writes, and secure credential management via a restricted-permission file. The instructions in SKILL.md are aligned with the stated purpose and do not contain any malicious prompt-injection attempts.
能力评估
Purpose & Capability
Name/description align with the files and behavior: scripts perform rsync/cifs or rsync-over-SSH backups, snapshotting, pruning, integrity verification, and restore. Declared required binaries (rsync, jq) and the apt suggestions (cifs-utils, rsync, jq) are appropriate for the intended functionality.
Instruction Scope
SKILL.md and the scripts limit actions to mounting the NAS, running rsync/cp, building manifests, pruning snapshots, and reporting status. The code explicitly validates config fields and backup path values, and uses an allowlist for restore operations. Note: the skill will back up sub-agent workspaces by default and can be configured to include sensitive files (e.g., .env) — the documentation warns about this. Also the scripts expect the user to create local credentials and SSH known_hosts entries; these are operationally necessary but expand the data the skill touches (local configs and optionally secrets if the user opts to include them).
Install Mechanism
There is no automated download/install step in the registry spec; the bundle is source + scripts and the SKILL.md lists apt install commands for required packages. No remote downloads or archive extraction are used by the install instructions, which reduces supply-chain risk.
Credentials
The registry metadata declares no required environment variables or primary credential; the skill instead relies on a user-provided JSON config (~/.openclaw/synology-backup.json), an SMB credentials file (~/.openclaw/.smb-credentials) for SMB transport, or SSH key auth for SSH transport — all proportional to a backup tool. Minor discrepancy: the scripts reference optional Telegram notifications (send_telegram) and TELEGRAM_TARGET in config, which implies the use of a Telegram bot token or similar credential at runtime, but no explicit env var is declared in the skill metadata — the token would be a separate user-provided secret. Also mounting CIFS typically requires appropriate system privileges (root) which the registry metadata does not mention; this is an operational requirement rather than a covert one.
Persistence & Privilege
always:false and model invocation are default. The skill does not request permanent/global agent privileges and does not modify other skills' configs. It writes state/manifest files into user-specified locations on the NAS or local temp/state files in the skill directory — expected for a backup tool.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install synology-backup - 安装完成后,直接呼叫该 Skill 的名称或使用
/synology-backup触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v2.0.3
Cleaned notification flow, removed hidden shell-side delivery, aligned docs with implementation, and kept backup behavior hardened for safer cron-owned alerts.
v2.0.2
Security hardening: StrictHostKeyChecking=yes in all scripts (was accept-new), add metadata.requires declaring rsync/jq/cifs-utils dependencies for registry scanners
v2.0.1
Docs: address security review findings — document jq dependency, Telegram alert mechanism (no bot token stored), SSH accept-new host key warning, .env exclusion rationale, dry-run recommendation before enabling cron
v2.0.0
Fix fragile rsync: --copy-links to dereference symlinks (fixes SMB I/O errors on symlinked files), continue past per-path failures instead of aborting, mount retry with health check, detailed failure alerts showing which paths failed
v1.2.1
- Improved backup logging: now prints a summary table after each backup run, including status, snapshot date, and result for easier tracking.
- Enhanced error handling in backup.sh to ensure clearer exit codes and failure alerts.
- Refactored code in scripts/backup.sh and scripts/lib.sh for reliability and maintainability.
- No changes to configuration or usage required.
v1.2.0
- Adds support for excluding files/folders via backupExclude config field.
- Adds preRestoreRetention setting to control how long pre-restore safety snapshots are kept.
- Option to send Telegram notification on successful backups with notifyOnSuccess.
- Expanded and clarified SSH transport configuration (sshHost, sshPort, sshDest).
- Always excludes .git/ and node_modules/ from backups to save space and improve speed.
v1.1.5
synology-backup 1.1.5
- Updated scripts/backup.sh (details not specified).
- No changes to documented usage or configuration.
- SKILL.md unchanged except for this release record.
v1.1.4
- Internal improvements to scripts/lib.sh for reliability or maintainability.
- No user-facing changes or modifications to documentation or behavior.
v1.1.3
synology-backup v1.1.3
- Minor update to scripts/lib.sh.
- No changes to usage, configuration, or feature set.
- Documentation remains unchanged except for possible small edits.
- No impact on existing backups or compatibility.
v1.1.2
- Updated documentation to clarify configuration details and improve setup instructions.
- Changed the example `telegramTarget` value from a hardcoded group ID to a placeholder (`-100xxxxxxxxxx`) for better security and clarity.
- Fixed commands in the cron registration example to use `~` for home directory instead of absolute `/root/` paths.
- Updated configuration table to refine default values and descriptions, especially for `telegramTarget`.
- No changes to the skill logic or functionality; documentation only.
v1.1.1
- Updated the failure alert example to use placeholders for hostname and date instead of specific values.
- Removed default Telegram alert target group reference from documentation.
- No changes to functionality; documentation only.
v1.1.0
**Adds SSH/rsync transport, integrity verification, and failure alerting via Telegram.**
- SSH/rsync can now be used as an alternative to SMB for backups.
- New `verify.sh` script checks backup integrity with checksums and counts.
- Backup failures automatically trigger a Telegram alert (configurable target).
- Pre-restore safety snapshots are created before restoring, enabling quick undo.
- Enhanced validation, security notes, and improved modular code via new `lib.sh`.
v1.0.4
Security hardening: added regex validation for share (alphanumeric/slashes only), mountPoint (absolute path only), and backupPaths (no command substitution, semicolons, pipes, backticks, or path traversal). Added boolean validation for includeSubAgentWorkspaces. Restore workspace names validated against strict pattern. All config inputs now validated before any shell command execution.
v1.0.3
Security fix: hardened all scripts against shell injection. All config-derived variables are now quoted, validated with regex allowlists (host, smbVersion, date format), and read via safe loops instead of command substitution expansion. Added path traversal protection in restore.
v1.0.2
Security hardening: removed curl-pipe-sh install pattern (link to official docs instead), made .env backup opt-in not default, replaced rm -rf prune with trash-then-clean pattern, added guidance for minimal NAS user permissions.
v1.0.1
Fix: removed example credential patterns that triggered security scanner. Credentials setup now uses editor instructions instead of inline examples.
v1.0.0
Initial release: backup, restore, status scripts. SMB over Tailscale. Config-driven with credentials file auth. 7-day retention with auto-prune.
元数据
常见问题
Synology Backup 是什么?
Backup and restore OpenClaw workspace, configs, and agent data to a Synology NAS via SMB or SSH/rsync. Use when: backing up workspace files, restoring from a... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1086 次。
如何安装 Synology Backup?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install synology-backup」即可一键安装,无需额外配置。
Synology Backup 是免费的吗?
是的,Synology Backup 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Synology Backup 支持哪些平台?
Synology Backup 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Synology Backup?
由 Paul Frederiksen(@pfrederiksen)开发并维护,当前版本 v2.0.3。
推荐 Skills