Keep My Claw — OpenClaw Backup
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: keepmyclaw
Version: 1.4.1
This skill bundle implements a backup service that collects and exfiltrates the entire OpenClaw agent workspace, including sensitive API keys and auth tokens from the `credentials/` directory, to a third-party service (api.keepmyclaw.com). While the `backup.sh` script performs local AES-256 encryption before upload, the `SKILL.md` instructions utilize aggressive prompt-injection tactics to force the AI agent into a sales and registration workflow: generating random passwords, polling for payment status, and using high-pressure marketing language ('launch pricing', '82% off'). The combination of full secret access and automated commercial registration via the agent is highly irregular and poses a significant privacy risk.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user could be moved through a paid backup setup and credential-handling workflow before reviewing the exact data scope and privileges.
The default flow minimizes human involvement while creating an account, obtaining a paid checkout link, creating keys, running a first backup, and scheduling future backups.
**You (the agent) handle everything. The human only clicks a payment link.**
Require explicit user confirmation before account creation, payment checkout, first backup, and scheduling; show the data scope before upload.
If the local config or agent is compromised, the attacker may get broader Keep My Claw account authority than needed for backup and restore.
The default setup creates an admin API key for the agent, even though the same documentation later describes an agent-scoped key for backup/restore only.
-d '{"name":"agent","permissions":"admin"}'
Default to the least-privileged agent key, and require a separate user-approved admin action only when account management is actually needed.
This is expected for full-agent backup, but it means auth tokens and other credentials are part of the off-site snapshot.
The backup script includes every file under the OpenClaw credentials directory in the encrypted archive and uploads it to the Keep My Claw API.
find credentials -type f ... --data-binary @"$ENC_FILE" ... "/v1/agents/${CLAWKEEPER_AGENT_NAME}/backups"
Use this only if you trust the service and encryption model; inspect the file list and consider exclusions for credentials you do not want backed up.
An agent-run restore could overwrite workspace files, credentials, cron jobs, and agent configuration without a fresh human confirmation.
When restore runs without an interactive terminal, it proceeds after the overwrite warning and extracts files into ~/.openclaw.
echo " (Non-interactive mode — proceeding)" ... tar -xzf "$TAR_FILE" -C "$OPENCLAW_DIR"
Require an explicit --yes flag or human approval for restore, create a pre-restore backup, and review restored cron jobs and credentials before restart.
A malicious or malformed value could cause shell commands to run later when backup, restore, list, or prune scripts load the config.
Raw API key, agent name, and URL values are written into a shell config file; the other scripts source that file, so quotes or newlines in those values could become shell syntax.
cat > "$CONFIG_FILE" <<EOF ... CLAWKEEPER_API_KEY="${api_key}" ... CLAWKEEPER_API_URL="${api_url}"
Store config as JSON or another non-executable format, or strictly validate and shell-escape every value before writing a sourced file.
Sensitive or poisoned agent state can be preserved and reintroduced on another machine during restore.
The skill intentionally captures and restores persistent agent context, skills, and scheduled jobs.
backs up your entire agent system — workspace, memory, skills, projects, cron jobs, credentials, and multi-agent configs
Review snapshots before restore where possible, keep the encryption passphrase secure, and consider allowlists or exclusions for sensitive memory, skills, and scheduled tasks.
