Backup agent brain (workspace) and body (state) to local folder and optionally sync to cloud via rclone.
Security Analysis
Confidence: medium

The skill's files and instructions match its stated purpose (local encrypted backups + optional rclone sync); issues are small implementation/packaging inconsistencies rather than malicious behavior.
The script performs exactly what the description says: detects OpenClaw paths, stages workspace/state/skills, compresses with tar, encrypts with GPG, prunes old backups, and optionally syncs via rclone. Minor mismatch: the runtime script uses rsync but the declared required binaries list and metadata do not include rsync. package.json lists 'rclone' and 'gpg' under npm 'dependencies' (these are system binaries, not npm packages), which is a packaging/metadata inconsistency but not evidence of malicious intent.
SKILL.md and the script instruct the agent to read ~/.openclaw/openclaw.json and then copy the entire workspace, state, and skills directories (subject to configured exclusions). That behavior is expected for a full backup tool. There are no hidden network endpoints or unexpected data exfiltration steps beyond optional rclone sync to the user-configured remote.
No install spec is provided (instruction-only + included script), so nothing is downloaded at install time. package.json exists but no install/download behavior is defined. The npm 'dependencies' entry is incorrect (lists system tools) — this is a packaging mistake, not an active install risk.
No required credentials are declared. The script accepts a BACKUP_PASSWORD (env var, skill config, or key file at ~/.openclaw/credentials/backup.key), which is appropriate for symmetric encryption. It reads local OpenClaw config and filesystem paths (expected). There are no unrelated external credential requests.
The skill does not request always:true and does not modify other skills or global agent configuration. It runs as a one-off backup tool and only accesses files/dirs relevant to backup.
Guidance
This skill appears to do what it says, but review a few items before use:

1) The script calls rsync but rsync is not listed in the required binaries: install rsync or add it to your checks.
2) package.json incorrectly lists system tools as npm dependencies; ignore or fix this if packaging is required.
3) The script will read and copy your entire OpenClaw state, workspace, and skills directories: verify there is no sensitive data you don't want included, or ensure the backupRoot is secure.
4) Encryption password handling: BACKUP_PASSWORD can come from an env var, skill config, or ~/.openclaw/credentials/backup.key. Make sure any file storing the password has tight filesystem permissions, and consider using a secrets manager if available.
5) If you enable rclone sync, verify your rclone remote is correctly configured and test with a non-sensitive destination first.
6) Run the script in a dry-run/test mode on a small dataset and inspect outputs before scheduling automatic or frequent runs.

These are best-practice cautions; nothing in the code indicates covert exfiltration or intent to misuse credentials.
Latest Release
v2.2.0
Added manual override support for custom setups. Priority: config → env → auto-detect. All paths now overridable via skill config.
Published by @VACInc on ClawHub