📦 fullbackup — 一键全量备份

v0.1.0

调用本地 backup-local.sh 脚本，一键打包 OpenClaw 工作区与全部配置，生成完整离线备份，支持 Telegram /fullbackup 指令或用户主动触发，确保数据安全可快速恢复。

0· 1.1k·1 当前·1 累计

by @trumppo (Trumppo)

安全文件处理系统工具

下载技能包

最后更新

2026/3/1

安全扫描

VirusTotal

无害

查看报告

OpenClaw

可疑

medium confidence

The skill's declared purpose (run the workspace backup script) matches its implementation, but it delegates execution to an external workspace script that is not bundled or reviewed and therefore could perform actions beyond a 'local backup' (including network exfiltration), so proceed with caution.

评估建议

This skill simply runs your workspace's backup-local.sh. Before installing or invoking it: (1) review /root/.openclaw/workspace/scripts/backup-local.sh to confirm it only creates local archives and does not upload data or leak secrets, (2) verify the archive location and contents (look for secrets or unexpected files), (3) run the backup manually in a safe environment or with a dry-run option if available, and (4) prefer a skill with a known source or include the actual backup script in the bund...

详细分析 ▾

ℹ 用途与能力

Name/description match the behavior: the skill runs an existing workspace backup script. It does not request unrelated credentials or extras. However it relies on /root/.openclaw/workspace/scripts/backup-local.sh (not included in the skill bundle), so correctness and safety depend entirely on that external script.

⚠ 指令范围

SKILL.md instructs running the bundled wrapper which simply executes the workspace's backup-local.sh. The wrapper/skill does not inspect or limit what the backup script does — the backup script could read arbitrary files, include secrets, or upload archives to remote endpoints. The SKILL.md expects the script to 'print the archive path and size' but neither the wrapper nor the SKILL.md enforce or verify that behavior.

✓ 安装机制

No install spec (instruction-only plus a tiny wrapper script). Nothing is downloaded or extracted by the skill itself; that is low install risk.

ℹ 凭证需求

The skill requires no environment variables or credentials. That is proportionate. Still, it operates over files under /root/.openclaw (sensitive workspace and config paths), so it needs file-system access to sensitive data even though no explicit secrets are requested.

✓ 持久化与权限

always is false and the skill does not request persistent privileges or modify other skills. The agent could invoke the skill autonomously (platform default), but that is not elevated here — the main risk is what the external backup script does when executed.

安全有层次，运行前请审查代码。

运行时依赖

无特殊依赖

版本

latestv0.1.02026/2/9

Initial publish

● 无害

安装命令

点击复制

官方npx clawhub@latest install fullbackup

镜像加速npx clawhub@latest install fullbackup --registry https://cn.longxiaskill.com

数据来源：ClawHub ↗ · 中文优化：龙虾技能库