Clawkeep
v0.2.9

Provides git-powered versioned backups and safe snapshot recovery for workspace files, with automated and manual snapshot options.
by TacoDevs (@taco-devs)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence

Purpose & Capability
Name and description (git-powered, versioned backups) match the runtime instructions (clawkeep CLI commands, snapshot/restore flow). However, the skill requires installing a third-party global npm CLI (clawkeep) and relies on external services (S3, ClawKeep Cloud) even though no provenance (homepage, repo) is provided — reasonable for the stated purpose but lacking source verification.
Instruction Scope
The SKILL.md tells the agent to install and run a global CLI, start background daemons (watch, ui, sync) and use PM2/systemd to persist them; it also instructs storing credentials in a local config file and using browser flows or API keys. Those actions go beyond a transient helper and give the tool ongoing access to arbitrary workspace files and secrets on disk. The instructions also assert security properties (zero-knowledge, client-side encryption, no metadata leakage) that cannot be validated from these docs alone.
Install Mechanism
There is no install spec in the registry bundle; the docs instruct the user to run 'npm install -g clawkeep' which will fetch and install code from the public npm registry. Installing an unverified global npm package that runs daemons is moderate-to-high risk when the package source/repo isn't provided for review. Because the package will run background processes and write local config, verifying its provenance and code is important.
Credentials
The instructions request S3/R2/API keys and show env var examples (CLAWKEEP_S3_ACCESS_KEY etc.) — these are proportionate for cloud backup targets. The skill also documents storing credentials in '.clawkeep/config.json' and recommends a 'set-password' flow (claiming no password in env after setup). Storing secrets on disk and allowing a keyless daemon introduces local secret persistence which should be considered when deploying on shared hosts or agents.
Persistence & Privilege
The instructions explicitly encourage persistent background daemons and using PM2/systemd to autostart the backup watcher and UI. Although the skill metadata does not force 'always:true', following these instructions will give the installed CLI long-lived access to workspace files and any stored credentials, increasing blast radius if the package is malicious or buggy.
What to consider before installing
This skill is instruction-only and asks you to install and run an unverified global npm package that will run background daemons and store credentials locally. That can be useful for backups but raises risk if the package or its server-side counterpart are untrusted. Before installing:

1) Verify the 'clawkeep' npm package page and source repository (look for a homepage, GitHub repo, recent maintainers, and code review).
2) Review the package code or its published tarball for any unexpected network calls, credential exfiltration, or privileged behavior.
3) Prefer running it in an isolated environment (container, dedicated VM) and avoid giving it more permissions than necessary.
4) If using cloud targets, limit and rotate S3/API keys and understand where credentials are stored (.clawkeep/config.json).
5) Do not enable persistent daemons on shared/production agents until you have verified the code and security claims (zero-knowledge encryption, client-side encryption).

If you can provide the package homepage/repo or the installed package's code, I can re-evaluate and raise confidence.

Like a lobster shell, security has layers — review code before you run it.
