← Back to Skills Marketplace
VPS Backup
by
Carina MacInnes
· GitHub ↗
· v1.0.0
· MIT-0
85
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install vps-backup
Description
Automated daily VPS backup using restic — backs up OpenClaw workspace, SSH keys, project code, and session transcripts. Configures encrypted incremental snap...
Usage Guidance
Before installing or running this skill: (1) Understand sensitivity — it will back up ~/.ssh and exported session transcripts; decide whether you want those included or excluded. (2) Verify and audit export_sessions.py before using it (the docs point to a raw GitHub URL) — don't run an unreviewed downloader that could exfiltrate or modify data. (3) If using offsite push, ensure RCLONE_DEST points to a trusted destination and that access credentials for that remote are handled securely; avoid sending private keys/chat logs to third-party storage. (4) The skill uses BACKUP_PASSWORD/RESTIC_PASSWORD but the registry metadata does not declare these env vars — make sure you securely generate and store the password (as recommended) and confirm where RESTIC_PASSWORD is set. (5) Consider removing ~/.ssh from BACKUP_PATHS or encrypting the repo and limiting remote retention if you don't want private keys backed up. (6) Prefer inspecting the script locally and testing on a non-production VM first. If you want, I can: (a) list exact lines in scripts that touch sensitive files, (b) show what export_sessions.py would be expected to do given its repo, or (c) suggest a safer backup config that excludes secrets.
Capability Analysis
Type: OpenClaw Skill
Name: vps-backup
Version: 1.0.0
The skill is designed to back up highly sensitive data, explicitly including the `~/.ssh` directory, which contains private access keys. While this aligns with the stated purpose of a VPS backup tool, the default inclusion of SSH keys and the use of `curl` to download and install binaries (`restic` and `rclone`) from external URLs in `SKILL.md` present significant security and supply chain risks. There is no evidence of intentional malice or hardcoded exfiltration, but the broad data access and installation methods are high-risk.
Capability Assessment
Purpose & Capability
The skill's name/description (VPS backup using restic) matches the included script and docs: it backs up OpenClaw state, project code, SSH keys, and session transcripts. However, the registry metadata declares no required environment variables even though the SKILL.md and script rely on BACKUP_PASSWORD/RESTIC_PASSWORD and optionally RCLONE_DEST; that's an incoherence between declared requirements and actual behavior.
Instruction Scope
Instructions and the script will read and archive highly sensitive data (e.g., ~/.ssh and exported session transcripts) and instruct the user how to push backups offsite via rclone. The docs recommend fetching and running an external export_sessions.py from a GitHub URL — that external script could modify what gets archived or exfiltrate data. The script itself also captures hostname and node version; those are minor but potentially identifying. Overall the scope stays within 'backup' but includes sensitive data and a third-party downloader, which increases risk.
Install Mechanism
This is an instruction-only skill (no install spec). The SKILL.md suggests downloading restic and rclone from their official release pages (GitHub/releases and downloads.rclone.org), which is common practice. No opaque or shortened URLs are used for the primary tools. The only third-party fetch of concern is the session archiver raw GitHub URL referenced in docs/config.md.
Credentials
The skill relies on sensitive environment values (BACKUP_PASSWORD / RESTIC_PASSWORD and optionally RCLONE_DEST) but the registry metadata lists no required env vars; this mismatch is misleading. The backup targets include ~/.ssh and session transcripts — backing these up locally is reasonable for a full backup, but pushing them offsite (via rclone) can expose private keys and chat history if the remote is not fully controlled/trusted. The skill does not declare these env requirements in metadata, which reduces transparency.
Persistence & Privilege
No unusual persistence or elevated privileges are requested (always:false). The script runs as the user, writes into the user's backup directory, and suggests cron scheduling under the user's crontab. Autonomous invocation (disable-model-invocation:false) is normal platform behavior and not by itself concerning here.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install vps-backup - After installation, invoke the skill by name or use
/vps-backup - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release
Metadata
Frequently Asked Questions
What is VPS Backup?
Automated daily VPS backup using restic — backs up OpenClaw workspace, SSH keys, project code, and session transcripts. Configures encrypted incremental snap... It is an AI Agent Skill for Claude Code / OpenClaw, with 85 downloads so far.
How do I install VPS Backup?
Run "/install vps-backup" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is VPS Backup free?
Yes, VPS Backup is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does VPS Backup support?
VPS Backup is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created VPS Backup?
It is built and maintained by Carina MacInnes (@codaire); the current version is v1.0.0.
More Skills