Safety Report

gitbackup

Name: gitbackup
Author: Trumppo

Create a local Git bundle backup of the OpenClaw workspace repository. Use when running /gitbackup in Telegram or when the user asks to back up Git history/refs to a local file.

752Downloads

0Installs

0Stars

1Versions

File Management2,100 Notifications & Alerts1,061 Git & Version Control784 Legal & Compliance738

Security Analysis

high confidence

Clean

The skill does what it says (creates a local git bundle of the workspace); the included script is short and aligned with the description — no network exfiltration or hidden behavior — but note minor metadata/permission details you should check before installing.

Mar 7, 20263 files3 concerns

Purpose & Capabilitynote

The skill's name, description, SKILL.md, and provided script all consistently implement creating a local git bundle of the workspace. Minor mismatch: the skill metadata lists no required binaries, but the script requires git to be present (git is invoked via the git CLI).

Instruction Scopeok

SKILL.md simply instructs running the bundled script. The script only checks that the workspace is a Git repo, creates a backup directory, runs `git bundle create --all`, and prints path/size. It does not call external endpoints, read unrelated system config, or delete other data. Note: the bundle includes all refs/history and therefore may contain sensitive secrets present in the repo.

Install Mechanismok

Instruction-only skill (no install spec). There is a small included script but no downloads or package installs, so nothing is fetched from external URLs and nothing is written to disk aside from the created backup bundle when run.

Credentialsnote

The skill requests no environment variables or credentials (appropriate). It will read the entire workspace repository; that access is necessary for the stated purpose but could expose sensitive repo contents in the resulting bundle. Also the metadata omits declaring the dependency on the git binary.

Persistence & Privilegenote

The script writes persistent files to /root/.openclaw/backups. That is expected for a backup tool, but requires that the agent process has filesystem write access to that path (which often implies elevated or container root permissions). The skill does not modify other skills or system configs and is not set to always:true.

Guidance

What to check before installing/running: 1) Confirm the git CLI is available to the agent (metadata did not list it). 2) Inspect the script (it's short; it only runs git bundle create --all) and confirm you're comfortable letting the agent read the entire workspace repo — the bundle will include all history and refs and may contain secrets. 3) Ensure you want backups written to /root/.openclaw/backups and that there is sufficient disk space and secure storage for the bundles; consider changing the path if you don't want root storage. 4) The skill makes no network calls, so it won't exfiltrate data over the network by itself, but the generated bundle is local and must be protected. 5) If you want retention or offsite copies, implement additional tooling; the script explicitly says not to delete older bundles. 6) Run first in a safe environment (or inspect/modify the path) if you have any doubts.

Latest Release

v0.1.0

Initial publish

More by @Trumppo

2 stars

search-memory

0 stars

fullbackup

0 stars

mem

0 stars

self-improving-agent

@pskoett · 1,456 stars

Gog

@steipete · 672 stars

Published by @Trumppo on ClawHub