npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

clawon

v0.1.19

Published

Backup and restore your OpenClaw workspace

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

y.chelouchey.chelouche

Keywords

openclawclawonbackuprestorecli

Readme

Clawon

Backup and restore your OpenClaw workspace. Move your memory, skills, and config between machines in one command.

Quick Start

# No install needed — runs with npx
npx clawon discover          # Preview what will be backed up
npx clawon local backup      # Save a local backup
npx clawon local restore     # Restore from latest backup

Commands

Local Backups (no account needed)

Local backups are stored in ~/.clawon/backups/ as standard .tar.gz archives. You can inspect them with tar tzf or extract manually with tar xzf.

# Create a backup
npx clawon local backup
npx clawon local backup --tag "before migration"
npx clawon local backup --include-memory-db  # Include SQLite memory index
npx clawon local backup --include-sessions   # Include chat history
npx clawon local backup --include-secrets    # Include credentials and auth files
npx clawon local backup --encrypt            # Encrypt with AES-256-GCM
npx clawon local backup --include-secrets --encrypt  # Encrypted with secrets
npx clawon local backup --no-secret-scan     # Skip secret scanning
npx clawon local backup --max-snapshots 10   # Keep only 10 most recent

# List all local backups
npx clawon local list

# Restore (detects encryption automatically)
npx clawon local restore                # Latest backup
npx clawon local restore --pick 2       # Backup #2 from list
npx clawon local restore --file path.tar.gz  # External file

Scheduled Backups

Set up automatic backups via cron (macOS/Linux only).

# Schedule local backups every 12 hours (default)
npx clawon local schedule on
npx clawon local schedule on --every 6h --max-snapshots 10
npx clawon local schedule on --include-memory-db
npx clawon local schedule on --include-sessions
npx clawon local schedule on --include-secrets
npx clawon local schedule on --encrypt       # Requires CLAWON_ENCRYPT_PASSPHRASE env var

# Disable local schedule
npx clawon local schedule off

# Schedule cloud backups (requires Hobby or Pro account)
npx clawon schedule on
npx clawon schedule on --encrypt             # Encrypted cloud backups
npx clawon schedule on --encrypt --include-secrets  # With secrets
npx clawon schedule off

# Check schedule status
npx clawon schedule status

Workspaces

Workspaces organize your cloud snapshots by machine or environment — like GitHub repos for your backups. A default workspace is created automatically on login.

# List your workspaces
npx clawon workspaces list

# Create a new workspace
npx clawon workspaces create "Work Server"

# Switch active workspace (affects backup/restore/list)
npx clawon workspaces switch work-server

# Show current workspace info
npx clawon workspaces info

Cloud Backups (requires account)

Cloud backups sync your workspace to Clawon's servers for cross-machine access. Snapshots are scoped to your current workspace.

# Authenticate (env var recommended to avoid shell history)
export CLAWON_API_KEY=<your-key>
npx clawon login

# Or inline (key may appear in shell history)
npx clawon login --api-key <your-key>

# Create a cloud backup
npx clawon backup
npx clawon backup --tag "stable config"
npx clawon backup --dry-run             # Preview without uploading
npx clawon backup --include-memory-db   # Requires Hobby or Pro
npx clawon backup --include-sessions    # Requires Hobby or Pro
npx clawon backup --no-secret-scan      # Skip secret scanning
npx clawon backup --encrypt             # Encrypt before uploading
npx clawon backup --include-secrets --encrypt  # Secrets + encryption

# List cloud backups
npx clawon list

# Restore from cloud (decrypts automatically if encrypted)
npx clawon restore
npx clawon restore --snapshot <id>      # Specific snapshot
npx clawon restore --dry-run            # Preview without extracting

# Manage snapshots
npx clawon delete <id>
npx clawon delete --oldest
npx clawon files                        # List files in a cloud backup
npx clawon activity                     # Recent events

Other Commands

npx clawon discover    # Show exactly which files would be backed up
npx clawon discover --include-memory-db  # Include SQLite memory index
npx clawon discover --include-sessions   # Include chat history
npx clawon discover --include-secrets    # Preview with credentials included
npx clawon discover --scan               # Scan for secrets in discovered files
npx clawon schedule status  # Show active schedules
npx clawon status      # Connection status, workspace, and file count
npx clawon logout      # Remove local credentials

What Gets Backed Up

Clawon uses an allowlist — only files matching these patterns are included:

| Pattern | What it captures | |---------|-----------------| | workspace/*.md | Workspace markdown (memory, notes, identity) | | workspace/memory/*.md | Daily memory files | | workspace/memory/**/*.md | Nested memory (projects, workflows, experiments) | | workspace/skills/** | Custom skills | | workspace/canvas/** | Canvas data | | skills/** | Top-level skills | | agents/*/config.json | Agent configurations | | agents/*/models.json | Model preferences | | agents/*/agent/** | Agent config data | | cron/runs/*.jsonl | Cron run logs |

Run npx clawon discover to see the exact file list for your instance.

What's Excluded

These are always excluded, even if they match an include pattern:

| Pattern | Why | |---------|-----| | credentials/** | API keys, tokens, auth files | | openclaw.json | May contain credentials | | agents/*/agent/auth.json | Authentication data | | agents/*/agent/auth-profiles.json | Auth profiles | | agents/*/sessions/** | Chat history (large, use --include-sessions to include) | | memory/lancedb/** | Vector database (binary, large) | | memory/*.sqlite | SQLite databases (use --include-memory-db to include) | | *.lock, *.wal, *.shm | Database lock files | | node_modules/** | Dependencies |

Credentials are excluded by default. The credentials/ directory, openclaw.json, and agent auth files are excluded unless you use --include-secrets. For local backups, --include-secrets works standalone. For cloud backups, it requires --encrypt. Verify what gets included by running npx clawon discover --include-secrets.

Secret Scanning

Every backup is pre-scanned for leaked secrets using 221 detection rules ported from gitleaks. This catches API keys, tokens, private keys, JWTs, and more — before they leave your machine.

How it works: keyword pre-filtering narrows candidates, then regex matching and Shannon entropy checks confirm real secrets. No new dependencies — pure regex matching built into the CLI.

When secrets are found during a manual backup, you'll see an interactive prompt:

  • [s]Skip flagged files (default)
  • [a]Abort the backup entirely
  • [i]Ignore findings and back up anyway

Scheduled backups automatically skip flagged files.

npx clawon discover --scan               # Preview secret findings without backing up
npx clawon local backup --no-secret-scan  # Disable scanning for a backup
npx clawon backup --no-secret-scan        # Same for cloud backups

Encryption

The --encrypt flag encrypts backups with AES-256-GCM using a passphrase you provide. Available for both local and cloud backups.

# Local encrypted backup
npx clawon local backup --encrypt

# Cloud encrypted backup
npx clawon backup --encrypt

# Cloud backup with secrets (requires --encrypt)
npx clawon backup --include-secrets --encrypt

# Scheduled encrypted backups (requires env var)
export CLAWON_ENCRYPT_PASSPHRASE=your-passphrase
npx clawon local schedule on --encrypt
npx clawon schedule on --encrypt

Key derivation: PBKDF2 with 100,000 iterations, SHA-512, 16-byte random salt → 256-bit key.

Local format: encrypted archives use .tar.gz.enc extension with a binary header:

[4B "CLWN"][1B version=1][16B salt][12B IV][...ciphertext...][16B authTag]

Cloud format: each file is encrypted individually before upload. Salt is stored in the manifest, per-file IVs are recorded at confirm time.

Restore: encryption is detected automatically — you'll be prompted for the passphrase.

Warning: there is no passphrase recovery. If you forget your passphrase, encrypted backups cannot be decrypted. Store your passphrase securely.

Archive Format

Local backups are standard gzip-compressed tar archives (.tar.gz). Encrypted backups use .tar.gz.enc. You can inspect unencrypted archives with standard tools:

# List contents
tar tzf ~/.clawon/backups/backup-2026-03-05T1030.tar.gz

# Extract manually
tar xzf ~/.clawon/backups/backup-2026-03-05T1030.tar.gz -C /tmp/inspect

# View metadata
tar xzf backup.tar.gz _clawon_meta.json -O | cat

Each archive contains:

  • _clawon_meta.json — metadata (version, date, tag, file count)
  • Your workspace files in their original directory structure

Data Storage

| | Local | Cloud | |---|---|---| | Location | ~/.clawon/backups/ | Clawon servers (Supabase Storage) | | Format | .tar.gz (or .tar.gz.enc if encrypted) | Individual files with signed URLs | | Limit | Unlimited | 2 snapshots (Starter), more on paid plans | | Account required | No | Yes | | Cross-machine | No (manual file transfer) | Yes |

Configuration

Config is stored at ~/.clawon/config.json after running clawon login. Contains your API key, profile ID, workspace, and API URL. Run clawon logout to remove it.

Telemetry

Clawon collects anonymous usage events (e.g. "backup created", "restore completed") to understand which features are used. No file contents, filenames, or personal data are sent.

To opt out, set either environment variable:

# Standard convention (https://consoledonottrack.com)
export DO_NOT_TRACK=1

# Or Clawon-specific
export CLAWON_NO_TELEMETRY=1

Telemetry is powered by PostHog. The public project key is visible in the source code.

Requirements

  • Node.js 18+
  • An OpenClaw installation at ~/.openclaw/