Self-Preserve
Backup readiness assessment and automated backup scheduling for your OpenClaw agent.
OpenClaw's agent state model defines a set of standard files: config (openclaw.json), memory (MEMORY.md, memory/*.md), identity (SOUL.md, IDENTITY.md, USER.md), workspace (AGENTS.md, TOOLS.md, HEARTBEAT.md), installed skills, and cron jobs. This skill checks whether those files exist and whether they are covered by a recent backup. It can also schedule, update, or remove automated backup cron jobs.
You are only listing file names, sizes, and dates — never reading or printing file contents.
Safety Rules — Read These First
1. Never read file contents. Use only ls -la to check file names, sizes, and dates. Never use cat, head, tail, less, or any command that outputs file contents.
2. Skip the credentials directory entirely. Do not list, read, stat, or reference ~/.openclaw/credentials/ or anything inside it.
3. Stay inside ~/.openclaw/ only. Do not access ~/.ssh/, ~/.env, ~/.aws/, ~/.config/, or any path outside ~/.openclaw/. The only exception is the backup directory in Step 2.
4. Never output secrets. If you accidentally see a key, token, or password in any output, do not repeat it. Replace it with [REDACTED].
5. Do not modify user files. Steps 1-5 are read-only. Steps 6-7 may create, update, or delete cron schedules only when the user explicitly confirms. Never modify config, memory, identity, or workspace files.
Security Vetting
This skill is designed to pass automated security vetting (Skill Vetter and similar) in one scan. Declarative properties:
- No scripts or code. The skill is a single SKILL.md instruction file. No bundled scripts, binaries, executables, or post-install hooks.
- No credentials access. Explicit denylist: ~/.openclaw/credentials/, ~/.ssh/, ~/.env, ~/.aws/. The skill never reads, lists, stats, or references these paths.
- No network calls. The skill never contacts external endpoints.
- No file contents read. Uses only ls -la output (names, sizes, dates). Never cat, head, tail, less, or equivalent.
- Path allowlist. Only ~/.openclaw/ and ~/openclaw-backups/ are accessed.
- No writes to agent state files. The skill does not modify config, memory, identity, workspace, or skill files.
- Cron schedule writes (user-gated). Steps 6-7 call Claude-native tools (CronCreate, CronList, CronDelete) only after explicit user confirmation, and only to manage backup cron schedules. If the user opts in to persistent scheduling, CronCreate writes to .claude/scheduled_tasks.json (managed by the Claude harness); session-only schedules write nothing to disk. The skill never defaults to persistent without explicit user choice.
- Advisory recommendations only (Step 5). Step 5 may recommend that the user consider version control and session-end hooks for identity files. The skill does not implement, configure, or install any hooks — the recommendation is informational only.
- No privilege escalation. No sudo, no system-level access, no auto-load paths, no forced inclusion in other contexts.
- No obfuscation. All instructions are plain English markdown.
Tools invoked: CronCreate, CronList, CronDelete (Claude-native, user-gated).
Environment variables accessed: none.
External endpoints called: none.
Paths excluded: ~/.openclaw/credentials/, ~/.ssh/, ~/.env, ~/.aws/, all paths outside the allowlist.
Step 1 — Check Which Files Exist
Run ls -la on each of the paths below. These are the directories and files defined by OpenClaw's agent state model (see OpenClaw docs: agent state). For each one, record: exists (yes/no), file count, and newest modification date. You will combine these results with backup status in Step 4.
Paths to check:
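- ~/.openclaw/openclaw.json
- ~/.openclaw/workspace/MEMORY.md
- ~/.openclaw/workspace/memory/ (count .md files)
- ~/.openclaw/workspace/SOUL.md
- ~/.openclaw/workspace/IDENTITY.md
- ~/.openclaw/workspace/USER.md
- ~/.openclaw/skills/ (count subdirectories)
- ~/.openclaw/workspace/AGENTS.md
- ~/.openclaw/workspace/TOOLS.md
- ~/.openclaw/workspace/HEARTBEAT.md
- ~/.openclaw/cron/ (count entries)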
Step 2 — Check Backup History
Look for existing backups created by openclaw backup create:
ls -lt ~/openclaw-backups/*.tar.gz 2>/dev/null | head -5
Record:
- Whether any backups exist (yes/no)
- The date of the most recent backup
- The number of backup files found
- The age of the newest backup (hours/days since creation)
If ~/openclaw-backups/ does not exist or is empty, record "No backups found."
Step 3 — Check for Automated Backups
Look for a cron job named daily-backup or containing the word backup:
ls ~/.openclaw/cron/ 2>/dev/null
Also use CronList and check whether any active cron job has a prompt containing the word "backup". Ignore cron jobs unrelated to backups. Do not display non-backup cron job details to the user.
Record whether an automated backup schedule appears to be configured (yes/no).
Step 4 — Generate the Report
Combine the data from Steps 1-3 into a single report. The most important column is "Protected?" — this is what the user needs to see.
How to determine "Protected?" status:
- If no backups exist at all → every file is unprotected. Use NO for all.
- If the newest backup is OLDER than a file's last-modified date → NO (changed since last backup)
- If the newest backup is NEWER than a file's last-modified date → YES
- If you cannot determine → UNKNOWN
Important: Do not use checkmarks or green indicators for unprotected files. A file that exists but has no backup is AT RISK, not safe.
Use this exact format:
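Backup Readiness Report
=======================
Last backup: [date] ([age] ago) or ⚠ No backups found
Automated backup: [YES / ⚠ NO]
Area               Exists?   Last modified    Protected?
─────────────────────────────────────────────────────────
Config             yes/no    [date]           ⚠ NO / ✅ YES
MEMORY.md          yes/no    [date]           ⚠ NO / ✅ YES
Memory files (N)   yes/no    [newest date]    ⚠ NO / ✅ YES
SOUL.md            yes/no    [date]           ⚠ NO / ✅ YES
IDENTITY.md        yes/no    [date]           ⚠ NO / ✅ YES
USER.md            yes/no    [date]           ⚠ NO / ✅ YES
Skills (N)         yes/no    —                ⚠ NO / ✅ YES
AGENTS.md          yes/no    [date]           ⚠ NO / ✅ YES
TOOLS.md           yes/no    [date]           ⚠ NO / ✅ YES
HEARTBEAT.md       yes/no    [date]           ⚠ NO / ✅ YES
Cron jobs (N)      yes/no    —                ⚠ NO / ✅ YES
At Risk
─────────────────────────────────────────────────────────
[List every file/area where Protected? = NO. Explain why it
is at risk: no backup exists, or the backup is stale.]
Recommended Actions
─────────────────────────────────────────────────────────
[Specific next steps from Step 5.]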
Only use ✅ when a file is genuinely protected by a recent backup. Use ⚠ for everything else. If no backups exist, every row must show ⚠ NO.
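The Step 4 decision rules, combined with the path rules from the Safety Rules section, as an added shell example that is not part of the skill (which ships no scripts). The function names, the STATE_ROOT and BACKUP_DIR variables, the SKIPPED marker for refused paths, and treating a missing path as UNKNOWN are assumptions of this example; it compares modification times with test -nt and never opens a file.

```shell
#!/bin/sh
# Added example; not shipped with the skill. Defaults are the page's allowlisted paths.
STATE_ROOT="${STATE_ROOT:-$HOME/.openclaw}"
BACKUP_DIR="${BACKUP_DIR:-$HOME/openclaw-backups}"

# path_allowed PATH: succeed only inside STATE_ROOT and never under credentials/.
# Lexical check: anything containing ".." is refused so the prefix cannot be escaped.
path_allowed() {
  case "$1" in
    *..*) return 1 ;;
    "$STATE_ROOT"/credentials|"$STATE_ROOT"/credentials/*) return 1 ;;
    "$STATE_ROOT"/*) return 0 ;;
    *) return 1 ;;
  esac
}

# newest_backup: print the most recently modified *.tar.gz, or nothing.
newest_backup() {
  ls -t "$BACKUP_DIR"/*.tar.gz 2>/dev/null | head -n 1
}

# newest_entry PATH: a file is its own entry; a directory yields its newest entry.
newest_entry() {
  if [ -d "$1" ]; then
    n=$(ls -t "$1" 2>/dev/null | head -n 1)
    if [ -n "$n" ]; then printf '%s\n' "$1/$n"; fi
  elif [ -e "$1" ]; then
    printf '%s\n' "$1"
  fi
}

# protected_status PATH: print YES, NO or UNKNOWN (SKIPPED for refused paths).
protected_status() {
  path_allowed "$1" || { echo SKIPPED; return 0; }
  backup=$(newest_backup)
  [ -n "$backup" ] || { echo NO; return 0; }       # no backups: every row is NO
  target=$(newest_entry "$1")
  [ -n "$target" ] || { echo UNKNOWN; return 0; }  # missing or empty: cannot determine
  if [ "$target" -nt "$backup" ]; then
    echo NO                                        # changed since last backup
  else
    echo YES
  fi
}
```

The path check is lexical and does not resolve symlinks, so a symlink inside the state directory that points elsewhere would still be accepted.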
Step 5 — Recommend Next Steps
Based on the report, suggest the most relevant actions from this list:
- No backups found: "Run openclaw backup create to create your first backup."
- Stale backup (older than 24 hours with recent changes): "Run openclaw backup create to capture recent changes."
- No automated backup: "I can schedule automatic daily backups for you — see Step 6."
- All areas covered and recent: "Your agent is well protected. No action needed."
- Identity files lack incremental rollback: If identity files (SOUL.md, IDENTITY.md, USER.md, MEMORY.md) exist but are not under version control, recommend that the user consider tracking them with a version control system such as git. Full backups are all-or-nothing — if a bad edit lands in SOUL.md, restoring from a tar.gz backup overwrites everything, not just the one file that changed. Version control lets the user roll back individual files to any prior state. Additionally, recommend setting up a hook (e.g. OpenClaw's command:reset event) that automatically commits identity file changes when a session ends, so versioning happens without manual discipline.
Step 6 — Offer Automated Backup Scheduling
If the report shows any unprotected areas OR no automated backup is configured, ask the user:
Would you like me to schedule automatic daily backups? I can set up a recurring job that runs openclaw backup create every day. The schedule will persist across sessions.
If the user agrees, ask whether they want the schedule to persist across sessions or last only for this session:
- Persistent: durable: true — survives session restarts, written to .claude/scheduled_tasks.json by the Claude harness.
- Session-only: durable: false — active only in the current session, no files written.
Wait for the user to choose before proceeding. Do not assume a default.
Then create the cron job:
1. Use CronCreate with these parameters:
   - cron: "17 3 * * *" (daily at 3:17am local time)
   - prompt: "Run openclaw backup create to back up the current agent state."
   - recurring: true
   - durable: (true or false, based on user's explicit choice)
2. Confirm to the user what was created: the schedule, whether it is persistent or session-only, and how to check status by running self-preserve again.
If the user wants a different frequency, adjust the cron expression:
- Every 12 hours: INLINECODE69
- Weekdays only: INLINECODE70
- Weekly (Sunday): INLINECODE71
Always confirm the schedule with the user before creating it. Never schedule silently.
Step 7 — Manage Existing Backup Schedules
If the user asks to view, change, or remove their backup schedule:
View: Use CronList to show all active cron jobs. Filter for those whose prompt mentions "backup". Display the schedule and whether it is durable.
Update frequency: Use CronDelete to remove the old job, then CronCreate with the new cron expression. Always confirm the new schedule with the user.
Delete: Use CronDelete with the job ID. Confirm deletion to the user.
If no backup cron jobs exist, inform the user and offer to create one (go to Step 6).
Version
0.3.2
License
MIT-0 — Free to use, modify, and redistribute.
Author
Built by Pineapple AI · GitHub
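Skill name: self-preserve
Self-Preserve
Backup readiness assessment and automated backup scheduling for your OpenClaw agent.
OpenClaw's agent state model defines a set of standard files: config (openclaw.json), memory (MEMORY.md, memory/*.md), identity (SOUL.md, IDENTITY.md, USER.md), workspace (AGENTS.md, TOOLS.md, HEARTBEAT.md), installed skills, and cron jobs. This skill checks whether those files exist and whether they are covered by a recent backup. It can also schedule, update, or remove automated backup cron jobs.
You are only listing file names, sizes, and dates — never reading or printing file contents.
Safety Rules — Read These First
1. Never read file contents. Use only ls -la to check file names, sizes, and dates. Never use cat, head, tail, less, or any command that outputs file contents.
2. Skip the credentials directory entirely. Do not list, read, stat, or reference ~/.openclaw/credentials/ or anything inside it.
3. Stay inside ~/.openclaw/ only. Do not access ~/.ssh/, ~/.env, ~/.aws/, ~/.config/, or any path outside ~/.openclaw/. The only exception is the backup directory in Step 2.
4. Never output secrets. If you accidentally see a key, token, or password in any output, do not repeat it. Replace it with [REDACTED].
5. Do not modify user files. Steps 1-5 are read-only. Steps 6-7 may create, update, or delete cron schedules only when the user explicitly confirms. Never modify config, memory, identity, or workspace files.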
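Security Vetting
This skill is designed to pass automated security vetting (Skill Vetter and similar) in one scan. Declarative properties:
- No scripts or code. The skill is a single SKILL.md instruction file. No bundled scripts, binaries, executables, or post-install hooks.
- No credentials access. Explicit denylist: ~/.openclaw/credentials/, ~/.ssh/, ~/.env, ~/.aws/. The skill never reads, lists, stats, or references these paths.
- No network calls. The skill never contacts external endpoints.
- No file contents read. Uses only ls -la output (names, sizes, dates). Never cat, head, tail, less, or equivalent.
- Path allowlist. Only ~/.openclaw/ and ~/openclaw-backups/ are accessed.
- No writes to agent state files. The skill does not modify config, memory, identity, workspace, or skill files.
- Cron schedule writes (user-gated). Steps 6-7 call Claude-native tools (CronCreate, CronList, CronDelete) only after explicit user confirmation, and only to manage backup cron schedules. If the user opts in to persistent scheduling, CronCreate writes to .claude/scheduled_tasks.json (managed by the Claude harness); session-only schedules write nothing to disk. The skill never defaults to persistent without explicit user choice.
- Advisory recommendations only (Step 5). Step 5 may recommend that the user consider version control and session-end hooks for identity files. The skill does not implement, configure, or install any hooks — the recommendation is informational only.
- No privilege escalation. No sudo, no system-level access, no auto-load paths, no forced inclusion in other contexts.
- No obfuscation. All instructions are plain English markdown.
Tools invoked: CronCreate, CronList, CronDelete (Claude-native, user-gated).
Environment variables accessed: none.
External endpoints called: none.
Paths excluded: ~/.openclaw/credentials/, ~/.ssh/, ~/.env, ~/.aws/, all paths outside the allowlist.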
Step 1 — Check Which Files Exist
Run ls -la on each of the paths below. These are the directories and files defined by OpenClaw's agent state model (see OpenClaw docs: agent state). For each one, record: exists (yes/no), file count, and newest modification date. You will combine these results with backup status in Step 4.
Paths to check:
- ~/.openclaw/openclaw.json
- ~/.openclaw/workspace/MEMORY.md
- ~/.openclaw/workspace/memory/ (count .md files)
- ~/.openclaw/workspace/SOUL.md
- ~/.openclaw/workspace/IDENTITY.md
- ~/.openclaw/workspace/USER.md
- ~/.openclaw/skills/ (count subdirectories)
- ~/.openclaw/workspace/AGENTS.md
- ~/.openclaw/workspace/TOOLS.md
- ~/.openclaw/workspace/HEARTBEAT.md
- ~/.openclaw/cron/ (count entries)
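Step 2 — Check Backup History
Look for existing backups created by openclaw backup create:
ls -lt ~/openclaw-backups/*.tar.gz 2>/dev/null | head -5
Record:
- Whether any backups exist (yes/no)
- The date of the most recent backup
- The number of backup files found
- The age of the newest backup (hours/days since creation)
If ~/openclaw-backups/ does not exist or is empty, record "No backups found."
Step 3 — Check for Automated Backups
Look for a cron job named daily-backup or containing the word backup:
ls ~/.openclaw/cron/ 2>/dev/null
Also use CronList and check whether any active cron job has a prompt containing the word "backup". Ignore cron jobs unrelated to backups. Do not display non-backup cron job details to the user.
Record whether an automated backup schedule appears to be configured (yes/no).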
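Step 4 — Generate the Report
Combine the data from Steps 1-3 into a single report. The most important column is "Protected?" — this is what the user needs to see.
How to determine "Protected?" status:
- If no backups exist at all → every file is unprotected. Use NO for all.
- If the newest backup is older than a file's last-modified date → NO (changed since last backup)
- If the newest backup is newer than a file's last-modified date → YES
- If you cannot determine → UNKNOWN
Important: Do not use checkmarks or green indicators for unprotected files. A file that exists but has no backup is at risk, not safe.
Use this exact format:
Backup Readiness Report
=======================
Last backup: [date] ([age] ago) or ⚠ No backups found
Automated backup: [YES / ⚠ NO]
Area               Exists?   Last modified    Protected?
─────────────────────────────────────────────────────────
Config             yes/no    [date]           ⚠ NO / ✅ YES
MEMORY.md          yes/no    [date]           ⚠ NO / ✅ YES
Memory files (N)   yes/no    [newest date]    ⚠ NO / ✅ YES
SOUL.md            yes/no    [date]           ⚠ NO / ✅ YES
IDENTITY.md        yes/no    [date]           ⚠ NO / ✅ YES
USER.md            yes/no    [date]           ⚠ NO / ✅ YES
Skills (N)         yes/no    —                ⚠ NO / ✅ YES
AGENTS.md          yes/no    [date]           ⚠ NO / ✅ YES
TOOLS.md           yes/no    [date]           ⚠ NO / ✅ YES
HEARTBEAT.md       yes/no    [date]           ⚠ NO / ✅ YES
Cron jobs (N)      yes/no    —                ⚠ NO / ✅ YES
At Risk
─────────────────────────────────────────────────────────
[List every file/area where Protected? = NO. Explain why it
is at risk: no backup exists, or the backup is stale.]
Recommended Actions
─────────────────────────────────────────────────────────
[Specific next steps from Step 5.]
Only use ✅ when a file is genuinely protected by a recent backup. Use ⚠ for everything else. If no backups exist, every row must show ⚠ NO.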
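Step 5 — Recommend Next Steps
Based on the report, suggest the most relevant actions from this list:
- No backups found: "Run openclaw backup create to create your first backup."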