Create a full local backup of the OpenClaw workspace and configuration using the existing backup-local.sh script. Use for /fullbackup in Telegram or when the user asks for a complete local backup.
Security Analysis
medium confidence
The skill's declared purpose (run the workspace backup script) matches its implementation, but it delegates execution to an external workspace script that is not bundled or reviewed and therefore could perform actions beyond a 'local backup' (including network exfiltration), so proceed with caution.
Name/description match the behavior: the skill runs an existing workspace backup script. It does not request unrelated credentials or extras. However it relies on /root/.openclaw/workspace/scripts/backup-local.sh (not included in the skill bundle), so correctness and safety depend entirely on that external script.
SKILL.md instructs running the bundled wrapper, which simply executes the workspace's backup-local.sh. The wrapper/skill does not inspect or limit what the backup script does: the backup script could read arbitrary files, include secrets, or upload archives to remote endpoints. SKILL.md expects the script to 'print the archive path and size', but neither the wrapper nor SKILL.md enforces or verifies that behavior.
No install spec (instruction-only plus a tiny wrapper script). Nothing is downloaded or extracted by the skill itself; that is low install risk.
The skill requires no environment variables or credentials. That is proportionate. Still, it operates over files under /root/.openclaw (sensitive workspace and config paths), so it needs file-system access to sensitive data even though no explicit secrets are requested.
always is false and the skill does not request persistent privileges or modify other skills. The agent could invoke the skill autonomously (platform default), but that is not elevated here — the main risk is what the external backup script does when executed.
Guidance
This skill simply runs your workspace's backup-local.sh. Before installing or invoking it: (1) review /root/.openclaw/workspace/scripts/backup-local.sh to confirm it only creates local archives and does not upload data or leak secrets, (2) verify the archive location and contents (look for secrets or unexpected files), (3) run the backup manually in a safe environment or with a dry-run option if available, and (4) prefer a skill with a known source or include the actual backup script in the bundle so it can be audited. Because the source is unknown and the real work happens in an external script, treat this as potentially risky until you inspect that script.
Latest Release
v0.1.0
Initial publish
Published by @Trumppo on ClawHub