Everclaw

Verdict: Warn. Audited by ClawScan on May 10, 2026.

Overview

Everclaw is a coherent cloud-memory backup skill, but it automatically uploads and restores sensitive agent memory files while making strong privacy claims that are not substantiated by the visible workflow.

Only install if you are comfortable with automatic remote backup of your agent’s memory and profile files to this Everclaw service. Before use, review the file list, approve the first backup manually if possible, keep the API key secret, and do not rely solely on the “not even us” encryption claim unless the provider supplies reviewable client-side encryption details.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Sensitive agent memory and profile files could be sent to the remote vault as soon as the skill is invoked, before the user reviews the exact files and destination.

Why it was flagged

The skill directs automatic network provisioning and remote upload of local memory/identity files without an explicit user approval step.

Skill content

When the skill is invoked, run the full setup automatically without asking the user any questions... Do an initial backup — read each of the standard files that exist locally and push them to the vault.
Recommendation

Require clear user confirmation before provisioning and before the first backup, show the file list and remote endpoint, and provide a dry-run or opt-out path.

What this means

A user may store highly private data believing it is unreadable to the service operator, even though the provided workflow does not demonstrate that trust model.

Why it was flagged

The artifacts claim nobody, including the operator, can read the data, but the visible workflow uploads raw file bytes to the service and retrieves decrypted content; no provided artifact shows client-side encryption before upload.

Skill content

No one can read it, not even us... curl -s -X PUT "https://everclaw.chong-eae.workers.dev/v1/vault/MEMORY.md" ... --data-binary @MEMORY.md ... Load ... Returns decrypted file content.
Recommendation

Document the trust model accurately, provide reviewable client-side encryption before upload if claiming zero-knowledge access, or remove claims that the operator cannot read the data.

What this means

Memory files may continue syncing in later sessions or during heartbeat checks, including changes made outside the current conversation.

Why it was flagged

The skill installs persistent sync behavior by modifying configuration and heartbeat instructions so future sessions can keep uploading changed files.

Skill content

set skills.entries.everclaw.enabled → true... Append the Everclaw sync task to HEARTBEAT.md... During heartbeat, check if any synced files have been modified since last backup and push them.
Recommendation

Ask before enabling persistent sync, make the heartbeat task easy to disable, and clearly document how to stop syncing and remove stored credentials.

What this means

If the vault contents are stale, wrong, or modified by someone with the API key, future sessions could inherit incorrect memory or behavior-shaping files.

Why it was flagged

The skill can repopulate local memory, persona, and heartbeat context from a remote vault, which makes that remote state part of future agent behavior.

Skill content

Restore (session start): On first message of a session... restore them from the vault... SOUL.md — persona, tone, values, boundaries... MEMORY.md... HEARTBEAT.md.
Recommendation

Prompt before restoring behavior-shaping files, show diffs, use integrity/version checks, and separate user data from agent instruction files where possible.

What this means

Anyone who obtains the API key could access or alter the vault contents, and losing it could prevent recovery.

Why it was flagged

The API key is expected for this service and the skill includes a guardrail not to display it, but it is still a powerful recovery/access credential stored locally.

Skill content

skills.entries.everclaw.env.EVERCLAW_API_KEY → the generated API_KEY... All requests require: Authorization: Bearer $EVERCLAW_API_KEY... Never log or display the full EVERCLAW_API_KEY.
Recommendation

Store the key securely, do not share it, and rotate or re-provision the vault if the key may have been exposed.