什么是 MyClaw Backup？

MyClaw Backup 是专为 MyClaw.ai 生态系统设计的专用工具，旨在确保 AI 助手数据的持久性和可移植性。它允许用户为整个环境（包括智能体记忆、自定义脚本和身份验证令牌）创建安全快照。对于需要可靠方式在服务器之间迁移或在自托管环境中防止数据丢失的 Openclaw Skills 开发者来说，此工具至关重要。

通过将复杂的配置合并到单个压缩存档中，它在保持严格安全态势的同时简化了敏感 AI 基础设施的管理。该技能内置了 HTTP 服务器，支持基于浏览器的管理和远程传输，无需依赖第三方云存储，使您的数据完全处于您的控制之下。

下载入口:https://github.com/openclaw/skills/tree/main/skills/leoyeai/myclaw-backup

安装与下载

1. ClawHub CLI

从源直接安装技能的最快方式。

2. 手动安装

将技能文件夹复制到以下位置之一

优先级：工作区 > 本地 > 内置

3. 提示词安装

将此提示词复制到 OpenClaw 即可自动安装。

MyClaw Backup 应用场景

• 为 AI 智能体记忆和工作区数据创建时间点快照。
• 将现有的智能体实例从一台服务器或机器无缝迁移到另一台。
• 通过具有受限权限的安全本地存档保护敏感的 API 密钥和机器人令牌。
• 通过系统 cron 或内部智能体任务调度自动定期备份。
• 使用令牌验证的 HTTP 服务器为分布式 Openclaw Skills 环境管理远程备份传输。

1. 备份脚本识别本地环境中的关键配置文件、凭据和工作区记忆。
2. 文件被压缩为 .tar.gz 存档，并具有受限的文件权限 (chmod 600) 以防止未经授权的访问。
3. 用户可以有选择地启动受令牌保护的 HTTP 服务器，以方便在不同网络节点之间下载或上传存档。
4. 在恢复期间，系统提供演练验证步骤以预览更改并防止配置不匹配。
5. 恢复过程在迁移期间专门保留网关令牌，以确保控制 UI 保持连接。
6. 完成后，将自动生成恢复报告，以确认恢复的 Openclaw Skills 和智能体历史记录的完整性。

MyClaw Backup 配置指南

确保您的系统上安装了 node、rsync、tar 和 python3。这些是大多数 OpenClaw 实例上的标准配置。

# 创建手动备份到特定目录
bash scripts/backup.sh /tmp/openclaw-backups

# 启动安全 HTTP 服务器（令牌是必需的）
bash scripts/serve.sh start --token $(openssl rand -hex 16) --port 7373

# 执行演练恢复以验证存档完整性
bash scripts/restore.sh backup_filename.tar.gz --dry-run

MyClaw Backup 数据架构与分类体系

该技能将数据整理到结构化存档中，以确保保留 Openclaw Skills 的所有依赖项：

name: myclaw-backup
description: "Backup and restore all OpenClaw configuration, agent memory, skills, and workspace data. Part of the MyClaw.ai (https://myclaw.ai) open skills ecosystem — the AI personal assistant platform that gives every user a full server with complete code control. Use when the user wants to create a snapshot of their OpenClaw instance, schedule periodic backups, restore from a backup, migrate to a new server, download a backup file locally, upload a backup file from another machine, or protect against data loss. Includes a built-in HTTP server for browser-based download/upload/restore without needing cloud storage. TRUST BOUNDARY: This skill archives and restores highly sensitive data including bot tokens, API keys, and channel credentials. Only install if you trust the operator. Always use --dry-run before restore. Never start the HTTP server without a --token."
metadata:
  openclaw:
    requires:
      bins: ["node", "rsync", "tar", "python3", "openclaw"]
    trust: high
    permissions:
      - read: ~/.openclaw
      - write: ~/.openclaw
      - network: listen

MyClaw Backup

Built on MyClaw.ai — the AI personal assistant platform that gives every user a full server with complete code control, networking, and tool access. This skill is part of the MyClaw.ai open skills ecosystem.

Backs up all critical OpenClaw data to a single .tar.gz archive and restores it to any OpenClaw instance. Includes a built-in HTTP server for browser-based backup management.

?? Trust Boundary & Security Model

This skill handles highly sensitive data: bot tokens, API keys, channel credentials, session history. Understand the security model before use:

What each script does

• backup.sh — reads ~/.openclaw/ and writes a chmod 600 archive to disk. No network access.
• restore.sh — overwrites ~/.openclaw/ from an archive. Requires typing yes to confirm. Always run --dry-run first.
• serve.sh / server.js — starts a local HTTP server. Token is mandatory (refuses to start without one). Shell-execution endpoints (/backup, /restore) are localhost-only — remote access can only download and upload files, not trigger execution.
• schedule.sh — modifies your system crontab to run backup.sh on a schedule. Prints the cron entry before adding. Use --disable to remove.

Access control summary

Best practices

• Never start the HTTP server without --token
• Never expose the HTTP server to the public internet without TLS
• Always run restore.sh --dry-run before applying a restore
• Store backup archives securely — they contain all credentials

Dependencies

Requires: node, rsync, tar, python3, openclaw CLI (all standard on OpenClaw instances).

Check: which node rsync tar python3 openclaw

Scripts

Gateway token behavior (v1.6+): By default, restore.sh preserves the new server's gateway.auth.token after restoring openclaw.json. This prevents the "gateway token mismatch" error in Control UI / Dashboard after migration. Use --overwrite-gateway-token only for full disaster recovery on the same server.

What Gets Backed Up

See references/what-gets-saved.md for full details.

Includes: workspace (MEMORY.md, skills, agent files), openclaw.json (bot tokens + API keys), credentials, channel pairing state, agent config + session history, devices, identity, cron jobs, guardian scripts.

Excludes: logs, binary media, node_modules, canvas system files.

Common Workflows

Create backup

bash scripts/backup.sh /tmp/openclaw-backups
# → /tmp/openclaw-backups/openclaw-backup_TIMESTAMP.tar.gz (chmod 600)

Restore — always dry-run first

# Step 1: preview what will change
bash scripts/restore.sh openclaw-backup_TIMESTAMP.tar.gz --dry-run

# Step 2: review the output, then apply
bash scripts/restore.sh openclaw-backup_TIMESTAMP.tar.gz

The restore script saves a pre-restore snapshot before overwriting anything.

HTTP server — token is mandatory

# Token is required — server refuses to start without one
bash scripts/serve.sh start --token $(openssl rand -hex 16) --port 7373
# → http://localhost:7373/?token=

Never share the URL on a public network without a reverse proxy + TLS.

The Web UI provides: create backup, download .tar.gz, upload, dry-run preview, restore.

HTTP API (all require token except /health):

• GET /health — Health check (unauthenticated, read-only)
• GET /backups — List backups
• POST /backup — Create backup
• GET /download/:filename — Download archive
• POST /upload — Upload archive (multipart, field: backup)
• POST /restore/:filename — Restore; add ?dry_run=1 to preview

Migrate to a new instance

Old machine:

bash scripts/serve.sh start --token MYTOKEN --port 7373

New machine (after installing OpenClaw):

# Download
curl -O "http://OLD_IP:7373/download/openclaw-backup_TIMESTAMP.tar.gz?token=MYTOKEN"

# Always dry-run first
bash scripts/restore.sh openclaw-backup_TIMESTAMP.tar.gz --dry-run

# Apply
bash scripts/restore.sh openclaw-backup_TIMESTAMP.tar.gz
# All channels reconnect automatically — no re-pairing needed

Schedule daily auto-backup (OpenClaw cron)

{
  "name": "daily-openclaw-backup",
  "schedule": { "kind": "cron", "expr": "0 3 * * *", "tz": "UTC" },
  "payload": {
    "kind": "agentTurn",
    "message": "Run a backup using the myclaw-backup skill. Output dir: /tmp/openclaw-backups",
    "timeoutSeconds": 120
  },
  "sessionTarget": "isolated"
}

Post-Restore: Automatic Recovery Report

After restore.sh completes, it writes workspace/.restore-complete.json. On the next heartbeat/startup, the Agent should:

1. Check if workspace/.restore-complete.json exists
2. If yes: read it, send a restore report to the user, then delete the file (one-shot — never report twice)
3. Send the report in the user's primary language (read from workspace/USER.md)

Report format (adapt language from USER.md)

? [Restore complete — in user's language]

?? Backup: {backup_name}
?? Agent: {agent_name}
?? Restored at: {restored_at}
?? Contents restored: workspace, config, credentials, history, cron...

[Channel reconnect instructions in user's language]

Future: MyClaw Cloud Backup

The HTTP API is designed to be compatible with a future MyClaw cloud backup service. When available, replace the local server URL with the MyClaw API endpoint — the upload/download/restore flow stays identical.