Trusted — Risk Score 5/100
Last scan: 11 hr ago
openclaw-backup
Encrypted backup and restore for OpenClaw agents
A legitimate OpenClaw backup and restore skill with thorough sensitive-data protection and encryption mechanisms
Skill Name: openclaw-backup
Duration: 43.9s
Engine: pi
Safe to install
Safe to use; before use, verify that the openclaw CLI and the age tool are correctly installed

Findings 3 items

Severity Finding Location
Info
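Access to the .openclaw configuration directory (Sensitive Access)
The script accesses the $HOME/.openclaw directory to back up the workspace and configuration, consistent with the tool's declared backup purpose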
OPENCLAW_DIR="${OPENCLAW_DIR:-$HOME/.openclaw}"
→ Expected behavior; required for the tool to work normally
scripts/backup.sh:11
Info
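.env file access, explicit authorization required (Sensitive Access)
The .env file is backed up only when the --include-secrets flag explicitly requests it, and encryption is enforced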
copy_file "$OPENCLAW_DIR/.env" "$SEC_STAGE/openclaw/.env" ".env"
→ Expected behavior; good security design
scripts/backup.sh:189
Info
GitHub push requires authentication (Doc Mismatch)
push-to-github.sh checks gh auth status and refuses to proceed if not authenticated
gh auth status >/dev/null 2>&1 || die "gh CLI is not authenticated"
→ Expected behavior; user authorization required
scripts/push-to-github.sh:53
Resource      Declared   Inferred   Status      Evidence
Filesystem    WRITE      WRITE      ✓ Aligned   backup.sh:75 cp -R operation
Environment   READ       READ       ✓ Aligned   backup.sh:9 reads AGE_RECIPIENT and other configuration
Network       READ       READ       ✓ Aligned   push-to-github.sh:73 gh api call
Shell         WRITE      WRITE      ✓ Aligned   restore.sh:84 bash verify.sh invocation

File Tree

15 files · 52.1 KB · 1605 lines
Shell 8f · 1175L Markdown 7f · 430L
├─ 📁 references
│ ├─ 📝 restore-guide.md Markdown 117L · 3.7 KB
│ ├─ 📝 retention-policy.md Markdown 32L · 1.4 KB
│ ├─ 📝 what-to-backup.md Markdown 40L · 3.1 KB
│ └─ 📝 workflows.md Markdown 33L · 806 B
├─ 📁 scripts
│ ├─ 🔧 backup.sh Shell 271L · 8.7 KB
│ ├─ 🔧 monthly-drill.sh Shell 96L · 3.0 KB
│ ├─ 🔧 pre-change-snapshot.sh Shell 66L · 2.5 KB
│ ├─ 🔧 push-to-github.sh Shell 144L · 4.4 KB
│ ├─ 🔧 restore.sh Shell 197L · 6.1 KB
│ ├─ 🔧 schedule.sh Shell 57L · 2.1 KB
│ ├─ 🔧 verify.sh Shell 132L · 3.9 KB
│ └─ 🔧 weekly-verify.sh Shell 212L · 6.0 KB
├─ 📝 CHANGELOG.md Markdown 17L · 749 B
├─ 📝 README.md Markdown 94L · 2.4 KB
└─ 📝 SKILL.md Markdown 97L · 3.3 KB

Dependencies 5 items

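Package    Version    Source     Known Vulns   Notes
tar        system     system     No            Ships with the system; used for archiving
python3    system     system     No            Ships with the system; used for checksums and JSON processing
age        optional   external   No            Optional; needed only for secrets backups
gh         optional   external   No            Optional; needed only for GitHub push
openclaw   optional   external   No            Optional; needed only for scheduled tasks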

Security Positives

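✓ Sensitive fields (token/secret/password/key/auth) are automatically redacted to [REDACTED]
✓ Secrets backups enforce age encryption and refuse unencrypted transfer
✓ Restore supports --dry-run and interactive confirmation to prevent accidental operations
✓ A rollback snapshot is created automatically before backup
✓ The manifest includes SHA256 checksums to verify integrity
✓ weekly-verify.sh implements a smart retention policy (14 most recent + 8 weeks + 6 months)
✓ The .age extension is checked before pushing, preventing plaintext keys from being uploaded by mistake
✓ Clear code structure and thorough error handling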