      Safety Report

      claw-saver

      @jixsonwang

      Back up OpenClaw workspace to a Git repository with Git LFS support.

      0 Downloads
      0 Installs
      0 Stars
      1 Version

      Security Analysis

      high confidence
      Suspicious, 0.04 risk

      claw-saver appears to do its stated backup job, but it handles very sensitive OpenClaw secrets and uses unsafe shell command construction that needs review.

      May 18, 2026, 8 files, 5 concerns

      Purpose & Capability: concern

      The backup and restore purpose is coherent, but the capability is very broad: it intentionally backs up nearly all of ~/.openclaw, including credentials, identity keys, tokens, knowledge bases, agent memory, and workspaces, to a Git repository.

      Instruction Scope: concern

      The documentation discloses broad backup behavior, but its security section claims token isolation/no token commits while the backed-up set includes openclaw.json with tokens, creating a material ambiguity for users.

      Install Mechanism: note

      There is no remote install script; the code is included and git/git-lfs are declared. However, cron functionality depends on crontab and /bin/bash while the metadata has no OS restriction.

      Credentials: concern

      The skill reads, stages, pushes, and can restore/delete a full OpenClaw environment. That is purpose-aligned for a full backup tool, but high-impact and not protected by visible encryption, redaction, or private-repo enforcement.

      Persistence & Privilege: concern

      Scheduled backups are disclosed and user-enabled, but they create a persistent cron job that stores/uses the Git token and repeatedly pushes sensitive OpenClaw state.

      Guidance

      Install only if you intentionally want a complete OpenClaw backup, including secrets and agent memory, in a trusted private Git repository. Before use, review config.json and the generated .gitignore, use a minimally scoped token, consider encrypting or excluding secrets, avoid untrusted repo/cron values, inspect your crontab after enabling scheduling, and test restore carefully.

      Latest Release

      v1.5.0

      Initial release: backup/restore/cron, Git LFS, snapshot restore, TTY safety, exponential backoff

      Published by @jixsonwang on ClawHub
