Clawkeep
Pass. Audited by ClawScan on May 10, 2026.
Overview
ClawKeep is a coherent backup and restore skill, but enabling it means trusting an external CLI that can persistently snapshot, sync, and restore broad workspace data.
Use this skill only if you trust the ClawKeep CLI and the backup destination. Before first use, configure `.clawkeepignore`, avoid backing up secrets unless intended, protect local config and S3 keys, and only start the background watcher or dashboard when you want continuous backup behavior.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the CLI gives third-party code local execution authority, including access to the workspace selected for backup.
The skill depends on a global npm package that is not included in the provided artifacts, so this review cannot validate the CLI implementation or package provenance.
ClawKeep must be installed globally:

```bash
npm install -g clawkeep
```
Verify the npm package, publisher, version, and source before installing; consider pinning a known-good version.
Sensitive files may be retained in local history or encrypted backup storage even after they are later deleted from the live workspace.
The skill creates persistent historical snapshots of tracked workspace files, which may include sensitive project, config, or agent-memory content unless excluded.
An initial snapshot of all tracked files
Review `.clawkeepignore` before the first snapshot, exclude secrets and unnecessary private data, and understand retention/cleanup behavior.
Anyone who can read the local ClawKeep config may be able to use the configured backup storage credentials.
The S3 integration stores storage credentials locally, which is expected for automated backups but creates a credential-protection responsibility.
Credentials stored locally — S3 credentials saved in `.clawkeep/config.json`
Use least-privilege, bucket-scoped credentials; protect `.clawkeep/config.json`; and rotate keys if the workspace may have been exposed.
Once started, the daemon can continue creating snapshots or syncing changes until explicitly stopped.
The backup watcher is intentionally persistent and continues after the terminal closes; the skill also documents how to stop it.
- Runs in background, survives terminal close
- Debounces writes (default 10s) to avoid spam commits
- Stop with: `clawkeep watch --stop -d /path/to/workspace`
Start the daemon only for workspaces you want continuously backed up, and verify stop commands or process-manager settings when disabling it.
A dashboard token or exposed port could allow someone to view workspace history or restore files.
The dashboard can browse files and trigger restores, which is appropriate for the tool but sensitive if exposed or accessed by the wrong user.
Visual timeline, file browser with time-travel, side-by-side diffs, one-click restore. Token-based auth is auto-generated.
Keep the dashboard local or otherwise access-controlled, protect the generated token, and stop the dashboard when not needed.
