Clawon
Security checks across static analysis, malware telemetry, and agentic risk
Overview
Clawon is a coherent backup tool, but it can back up or restore highly sensitive workspace data, including sessions and credentials, and its documentation gives conflicting guidance about whether credentials are excluded.
Review this skill carefully before installing. Run discovery first; do not enable --include-secrets or --include-sessions unless you understand exactly what will be captured; prefer encrypted local backups for sensitive data; verify the npm package and its source repository; and treat restore and scheduled-backup commands with care, because restore overwrites workspace state and scheduling keeps running via cron until it is explicitly disabled.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A backup could contain private conversations, memory, API keys, tokens, or auth files, and cloud mode could send that data to Clawon servers.
The skill can include chat history, credentials, auth files, and workspace memory/config in backups, including cloud backups. That is purpose-aligned for a backup tool, but it is high-impact sensitive data access and the artifacts do not clearly define exactly which auth files are included or how cloud copies are retained.
npx clawon local backup --include-sessions   # Include chat history
npx clawon local backup --include-secrets    # Include credentials and auth files
...
4. **Cloud backup** — sync workspace to Clawon servers
Run discovery and secret scanning first, avoid --include-secrets and --include-sessions unless strictly necessary, prefer encryption, and review exactly what will be backed up before using cloud sync.
A user may believe credentials cannot be included even though the skill documents commands that include credentials and auth files.
The documentation simultaneously says credentials can be included with --include-secrets and that credentials are always excluded. This inconsistent privacy wording could lead a user to underestimate the risk of backing up credentials.
npx clawon discover --include-secrets   # Also show credentials and auth files
...
Credentials are **always excluded**.
Clarify whether credentials are excluded by default only, and require explicit user confirmation before any command that includes secrets or auth files.
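The two recommendations above (scan the workspace before backing it up, and require explicit confirmation before any command that includes secrets or sessions) as one pre-flight shell script. This is an added example, not Clawon's own code: the credential file-name patterns and token regexes are illustrative heuristics rather than Clawon's discovery rules, and the CLAWON_CONFIRM_SENSITIVE and CLAWON_CMD variables are invented for this example.

```sh
#!/bin/sh
# Added example, not part of Clawon. Pre-flight checks before a workspace
# backup: (1) a heuristic scan for credential-looking files and token-like
# strings, (2) a wrapper that refuses --include-secrets / --include-sessions
# unless the operator has explicitly opted in.
# Assumptions: the workspace is a plain directory; the name and token patterns
# are illustrative, not Clawon's discovery rules; CLAWON_CONFIRM_SENSITIVE and
# CLAWON_CMD are variables invented for this example.

# scan_for_secrets DIR: print suspicious file names and token-like lines.
# Returns 0 when nothing was found, 1 when the backup would capture secrets.
scan_for_secrets() {
    dir=$1
    # File names that usually hold credentials or session material (heuristic).
    names=$(find "$dir" -type f \( -name '.env' -o -name '*.pem' -o -name '*.key' \
        -o -name 'credentials*' -o -name 'auth*' -o -name '*token*' \) 2>/dev/null)
    # Strings shaped like well-known API keys (heuristic; extend for your stack).
    tokens=$(grep -rEn 'sk-[A-Za-z0-9]{20,}|AKIA[0-9A-Z]{16}|ghp_[A-Za-z0-9]{36}' \
        "$dir" 2>/dev/null || true)
    [ -n "$names" ]  && printf 'credential-looking files:\n%s\n' "$names"
    [ -n "$tokens" ] && printf 'token-like strings:\n%s\n' "$tokens"
    [ -z "$names" ] && [ -z "$tokens" ]
}

# guarded_clawon ARGS...: run clawon, but stop if the arguments would pull
# secrets or chat history into the backup and CLAWON_CONFIRM_SENSITIVE != yes.
# CLAWON_CMD overrides the command (defaults to `npx clawon`; tests use a stub).
guarded_clawon() {
    sensitive=0
    for arg in "$@"; do
        case $arg in
            --include-secrets|--include-sessions) sensitive=1 ;;
        esac
    done
    if [ "$sensitive" -eq 1 ] && [ "${CLAWON_CONFIRM_SENSITIVE:-}" != "yes" ]; then
        echo "refusing '$*': it includes secrets or sessions;" \
             "run scan_for_secrets first, then set CLAWON_CONFIRM_SENSITIVE=yes" >&2
        return 2
    fi
    ${CLAWON_CMD:-npx clawon} "$@"
}

# Typical use:
#   scan_for_secrets "$HOME/workspace" || echo "review the findings before backing up"
#   guarded_clawon local backup                     # runs
#   guarded_clawon local backup --include-secrets   # refused until confirmed
```

The wrapper deliberately keys off the flag names documented in SKILL.md rather than trying to interpret Clawon's output, so it keeps working if the scan heuristics miss something: the operator still has to opt in by name before credentials or chat history can leave the workspace.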
The code that performs backups and restores comes from the npm package at runtime or install time.
The skill depends on an external npm CLI rather than bundled reviewed code. This is central to the purpose and disclosed, and the skill provides verification guidance, so it is a supply-chain note rather than a standalone concern.
All commands run via `npx clawon`. ... Install locally (preferred over npx for auditing): `npm install -g clawon`
Verify the npm package and repository, consider installing a reviewed version locally, and avoid running high-impact commands through an unverified package.
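The verification step above, worked through as an added example (not Clawon's or npm's own tooling). The npm commands in the comments (`npm view`, `npm pack`) are real; the checker functions, the sample package.json files in the test, and the assumption that the unpacked tarball lives under ./package/ are this example's own.

```sh
#!/bin/sh
# Added example, not part of Clawon. Inspect an npm package before trusting it
# with backup/restore of your workspace. The registry commands in the comments
# are real npm commands; the checker functions are this example's own.
#
# Fetch the exact artifact npm would install, without installing it:
#   npm view clawon version dist.integrity   # what the registry says
#   npm pack clawon                          # downloads clawon-<ver>.tgz
#   tar -xzf clawon-*.tgz                    # unpacks to ./package/
# Then audit ./package/package.json and compare the tarball's integrity.

# npm_install_scripts PACKAGE_JSON: print lifecycle scripts that execute
# arbitrary code during `npm install`. Returns 1 if any exist, 0 if none.
# Their presence is not proof of malice, but they deserve a read before install.
npm_install_scripts() {
    if grep -En '"(preinstall|install|postinstall)"[[:space:]]*:' "$1"; then
        return 1
    fi
    return 0
}

# package_bin_entries PACKAGE_JSON: print the "bin" entry, i.e. the commands
# that `npm install -g` will place on your PATH. Tracks braces so both the
# one-line and the multi-line object form are printed whole (heuristic).
package_bin_entries() {
    awk '/"bin"[[:space:]]*:/ { p = 1 }
         p { print; n += gsub(/\{/, "{") - gsub(/\}/, "}"); if (n <= 0) p = 0 }' "$1"
}

# tarball_integrity FILE: compute the SRI string (sha512-<base64>) npm uses
# for dist.integrity so it can be compared with `npm view clawon dist.integrity`.
tarball_integrity() {
    printf 'sha512-%s\n' "$(openssl dgst -sha512 -binary "$1" | openssl base64 -A)"
}

# Typical use after `npm pack clawon && tar -xzf clawon-*.tgz`:
#   npm_install_scripts package/package.json || echo "install scripts present: read them"
#   package_bin_entries package/package.json
#   [ "$(tarball_integrity clawon-*.tgz)" = "$(npm view clawon dist.integrity)" ] \
#       && echo "tarball matches the registry's integrity value"
```

Running these against a pinned version and then installing that same tarball locally (`npm install -g ./clawon-<ver>.tgz`) is what makes "install a reviewed version" concrete: the code you read is the code that ends up on your PATH, not whatever `npx` resolves next time.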
Backups may continue running after setup until the schedule is disabled.
Scheduled backups create persistent cron entries. The persistence is disclosed and removal instructions are provided, so this is expected for scheduled backups.
Scheduling writes an entry to your user crontab — this is a persistent change to your system. The user can review cron entries with `crontab -l` and remove them with `npx clawon local schedule off`
Only enable scheduling intentionally, review crontab entries, and disable the schedule when it is no longer needed.
The skill may use a Clawon account credential to access cloud backup features.
Cloud backups require a Clawon API key. This credential use is expected for the cloud-backup feature, and the instructions warn that inline keys may appear in shell history.
export CLAWON_API_KEY=<your-key>
npx clawon login
...
npx clawon login --api-key <your-key>
Use the environment-variable login method, protect the API key, and rotate it if it is exposed in shell history or logs. Note that typing `export CLAWON_API_KEY=<your-key>` at an interactive prompt is itself recorded in shell history; read the key in without echo or source it from a file with restrictive permissions instead.
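The two findings above (a persistent cron entry, and an API key that can leak into shell history) share one post-setup audit, written here as an added example rather than Clawon's own code. It assumes the crontab text arrives on stdin (for example from `crontab -l`) and that shell history is a plain file such as ~/.bash_history or ~/.zsh_history; the function names, the regexes, and the sample inputs in the test are this example's own.

```sh
#!/bin/sh
# Added example, not part of Clawon. Audits the two side effects of Clawon's
# scheduling and login features: persistence in the user crontab, and an API
# key left in shell history. Function names and patterns are this example's own.

# clawon_cron_entries: read crontab text on stdin, print the live (uncommented)
# lines that invoke clawon. Returns 0 if none, 1 if a schedule is still active.
# Usage: crontab -l 2>/dev/null | clawon_cron_entries
clawon_cron_entries() {
    matches=$(grep -n 'clawon' | grep -v '^[0-9]*:[[:space:]]*#' || true)
    [ -n "$matches" ] && printf 'active clawon schedule:\n%s\n' "$matches"
    [ -z "$matches" ]
}

# leaked_api_keys_in_history HISTFILE: print history lines that carry a key
# value inline, either via `--api-key <value>` (which SKILL.md warns about) or
# via a literal `CLAWON_API_KEY=<value>` assignment typed at the prompt, which
# lands in history just the same. Returns 0 if clean, 1 if a key is exposed.
leaked_api_keys_in_history() {
    if grep -nE 'clawon[[:space:]]+login.*--api-key[[:space:]=]+[^[:space:]]+|CLAWON_API_KEY=[^[:space:]<]+' \
        "$1" 2>/dev/null; then
        return 1
    fi
    return 0
}

# read_api_key_silently: put the key into CLAWON_API_KEY without it ever
# appearing on a command line, so neither history nor `ps` sees it; then
# `npx clawon login` picks it up from the environment as SKILL.md describes.
read_api_key_silently() {
    printf 'Clawon API key: ' >&2
    stty -echo
    read -r CLAWON_API_KEY
    stty echo
    printf '\n' >&2
    export CLAWON_API_KEY
}

# Typical use:
#   crontab -l 2>/dev/null | clawon_cron_entries || echo "disable with: npx clawon local schedule off"
#   leaked_api_keys_in_history "$HOME/.bash_history" || echo "rotate this key in your Clawon account"
#   read_api_key_silently && npx clawon login
```

If the history check finds a hit, clearing the line from the history file is not enough: the key has to be rotated, because anything that already read the file (backups included, which is the point of this skill) has a copy.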
