📦 OpenClaw Daily Backup — 日备
v1.3.1为OpenClab工作区提供每日自动备份、定时备份及一键恢复,保障数据安全与业务连续性。
0· 273·0 当前·0 累计
by 下载技能包
最后更新
2026/4/22
安全扫描
OpenClaw
可疑
medium confidenceThe skill appears to implement the described backup/restore functionality, but the bundle includes real workspace backup files and lots of provenance/marketing docs — this increases privacy risk and is unexpected for a simple skill package.
评估建议
This skill largely does what it claims (local backup/restore of SOUL files), but the package includes actual backup data (backups/...) and many delivery docs. Before installing or running scripts: 1) Inspect the included backups (backups/ and openclaw.sanitized.json) for any sensitive data or secrets — do not assume redaction is perfect. 2) Review scripts/scripts/*.mjs for any network calls or unexpected behavior (e.g., remote upload, telemetry) before executing. 3) Run operations initially in a...详细分析 ▾
ℹ 用途与能力
Name/description, scripts, and CLI usage align: the skill provides local backup/list/restore/validate for SOUL files. However, the repository includes an embedded backups/ directory with multiple timestamped and named backups (including AGENTS.md, IDENTITY.md, TOOLS.md, and openclaw.sanitized.json). Bundling real or example backups inside the skill is plausible as test data, but can be disproportionate because those files may contain sensitive agent personalities, configuration, or secrets. The presence of many delivery/commercial documents is noisy but not inherently inconsistent.
✓ 指令范围
SKILL.md gives concrete local commands (node scripts/backup.mjs, list.mjs, restore.mjs, validate.mjs) and file paths; instructions operate on local workspace files and do not instruct the agent to read unrelated system state or external credentials. Some example commands use absolute example paths (/Users/m1/.openclaw/workspace-hunter) and a placeholder git clone <backup-repo-url>, which require care but are not malicious. The docs explicitly acknowledge that backups contain sensitive data.
✓ 安装机制
There is no install spec — the skill is instruction/code-only and relies on Node.js built-ins (per CHANGELOG). No remote downloads or extract operations are declared in the registry metadata. This lowers supply-chain risk, but executing included scripts will write/read local disk.
ℹ 凭证需求
The skill declares no required environment variables or credentials, which matches expectations. However, running the scripts will read and write local workspace files (SOUL.md, USER.md, AGENTS.md, TOOLS.md, etc.), which can contain API keys and other secrets. The repository already contains example/test backups; verify that sensitive values are actually redacted (the changelog claims openclaw.json sanitization). Because the package bundles backup artifacts, there's a privacy/secret-exposure risk even though no credentials are requested at install time.
✓ 持久化与权限
The skill does not demand always:true or elevated platform privileges. It operates on files in the workspace and creates backups under its own backups/ directory. It does not appear to modify other skills or global agent configuration. Normal caution about file writes applies.
⚠ backups/2026-03-14T05-39-50/openclaw.sanitized.json:246
Install source points to URL shortener or raw IP.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.3.12026/3/14
Align description with when-to-use trigger language for clearer ClawHub discovery.
● 无害
安装命令
点击复制官方npx clawhub@latest install openclaw-daily-backup
镜像加速npx clawhub@latest install openclaw-daily-backup --registry https://cn.longxiaskill.com