OpenClaw backup and synchronization tool - Pack, upload, download, and restore. Save the Soul of your OpenClaw.

Suspicious. Audited by ClawScan on May 10, 2026.

Overview

This appears to be a real backup/restore tool, but it can upload, share, and restore your full OpenClaw state including memory, skills, settings, and tokens, and its bundled script has unresolved static-scan warnings.

Install only if you trust the publisher and are comfortable giving it full access to ~/.openclaw. Before using cloud or share features, confirm whether secrets are included, run --test before restores, avoid sharing full personal backups, and manually review the static-scan warnings in clawclone.mjs.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A cloud or shared backup could expose credentials or restore someone else’s tokens into an OpenClaw instance.

Why it was flagged

The skill explicitly says backups may include API keys/tokens and preserve gateway tokens, but does not clearly bound which credentials are included, how they are encrypted, or how they are protected when uploaded or shared.

Skill content

| Config | Optional: API keys and tokens (if configured) | ... Gateway tokens are preserved by default

Recommendation

Do not upload or share backups containing secrets unless you have verified encryption, access controls, and token exclusions; rotate exposed tokens after testing or sharing.

What this means

A restored or shared snapshot could leak private memory or install altered skills/settings that change how the agent behaves later.

Why it was flagged

The skill handles persistent agent memory and behavior-defining files, which can carry private data or instructions that influence future agent behavior.

Skill content

restore complete OpenClaw state including memory, skills, agents, and settings

Recommendation

Inspect backups with --test, review MEMORY.md/skills/settings before restore, and only clone from backups or share tokens that you trust.

What this means

Running the wrong command or using the wrong backup could overwrite local configuration, skills, memory, or cloud backups.

Why it was flagged

The requested permissions match a backup/restore tool, but they give the command broad authority over the OpenClaw workspace and network destinations.

Skill content

permissions:
      - read: ~/.openclaw/
      - write: ~/.openclaw/
      - network: https

Recommendation

Use --test before clone/import, require explicit confirmation for restore/delete/share actions, and keep separate safe backups.

Concern (High Confidence)

ASI08: Cascading Failures

What this means

A bad, outdated, poisoned, or over-privileged snapshot could spread to multiple agents or team members.

Why it was flagged

Shared backups can propagate complete OpenClaw configurations, memory, skills, and possibly tokens across users or instances.

Skill content

Team members can clone from the share link

Recommendation

Treat share tokens like secrets, verify snapshots before distributing them, and publish sanitized templates instead of full personal workspaces.

What this means

A bundled hardcoded secret or unexplained credential path could affect the security of cloud interactions or indicate code that needs manual review.

Why it was flagged

The scanner reports a hardcoded secret-like value in the bundled executable, and the visible artifact context does not explain why a backup tool needs it.

Skill content

Static scan: suspicious.exposed_secret_literal at clawclone.mjs:26688 ... const password = [REDACTED] || "";

Recommendation

Inspect the reported line and surrounding code before use; the publisher should remove hardcoded secrets or document any benign test/default credential clearly.