Keep My Claw — OpenClaw Backup

A user could be moved through a paid backup setup and credential-handling workflow before reviewing the exact data scope and privileges.

The default flow minimizes human involvement while creating an account, obtaining a paid checkout link, creating keys, running a first backup, and scheduling future backups.

If the local config or agent is compromised, the attacker may get broader Keep My Claw account authority than needed for backup and restore.

The default setup creates an admin API key for the agent, even though the same documentation later describes an agent-scoped key for backup/restore only.

This is expected for full-agent backup, but it means auth tokens and other credentials are part of the off-site snapshot.

The backup script includes every file under the OpenClaw credentials directory in the encrypted archive and uploads it to the Keep My Claw API.

An agent-run restore could overwrite workspace files, credentials, cron jobs, and agent configuration without a fresh human confirmation.

When restore runs without an interactive terminal, it proceeds after the overwrite warning and extracts files into ~/.openclaw.

A malicious or malformed value could cause shell commands to run later when backup, restore, list, or prune scripts load the config.

Raw API key, agent name, and URL values are written into a shell config file; the other scripts source that file, so quotes or newlines in those values could become shell syntax.

Sensitive or poisoned agent state can be preserved and reintroduced on another machine during restore.

The skill intentionally captures and restores persistent agent context, skills, and scheduled jobs.