v0.2.9

Clawkeep

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 5:53 AM.

Analysis

ClawKeep is coherent for backups, but it deserves review because it relies on an unreviewed global CLI and recommends persistent processes that can continuously back up workspace data and use cloud credentials.

Guidance

Before installing, verify the external ClawKeep CLI and npm publisher, use a limited test workspace first, configure ignore rules carefully, use least-privilege backup credentials, avoid putting secrets directly on command lines, and make sure you can stop any background daemon or dashboard you start.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
ClawKeep must be installed globally:
```bash
npm install -g clawkeep
```

The reviewed skill is instruction-only and has no install spec or bundled code, so the global npm package that performs backups, restores, daemon work, and credential handling is outside the reviewed artifacts.

User impact: Installing the package gives unreviewed external code access to workspace files and any backup credentials the user configures.

Recommendation: Verify the npm package publisher and source, consider pinning a known version, and inspect or sandbox the CLI before granting it access to important workspaces or credentials.

Rogue Agents
Severity: Low | Confidence: High | Status: Note
SKILL.md
Start a background daemon that auto-snapshots on every file change... Runs in background, survives terminal close

The skill intentionally recommends a long-running background process that keeps operating after the initial command.

User impact: Backups or syncs may continue until the daemon or process manager is stopped.

Recommendation: Enable the daemon only for workspaces you want continuously tracked, and confirm you know how to stop both ClawKeep and any PM2/systemd-managed process.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Note
s3/SKILL.md
--access-key YOUR_ACCESS_KEY \
  --secret-key YOUR_SECRET_KEY ... Credentials stored locally — S3 credentials saved in `.clawkeep/config.json`

S3 credentials are expected for S3 backups, but the skill documents both inline credential use and local credential storage.

User impact: Anyone who can read the local config or command history may gain access to the configured backup bucket, depending on credential scope.

Recommendation: Use least-privilege bucket-specific keys, prefer environment variables or a secure secret store over inline secrets, and protect `.clawkeep/config.json`.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium | Confidence: High | Status: Note
clawkeep-cloud/SKILL.md
Backing up agent workspaces, memory files, configs... Syncing state across machines

The skill explicitly targets agent memory/configuration files and can sync them across machines, which is useful for backup but sensitive.

User impact: Private workspace data and agent state may be preserved, restored, or synced beyond the original machine.

Recommendation: Review `.clawkeepignore`, exclude secrets or sensitive directories that should not be backed up, and only connect trusted backup destinations.