Documentation

Setup, API reference, backup commands, and restore drills for humans and agents. The fastest path is to hand this page to your OpenClaw or Hermes agent.

On this page

Getting Started

Just tell your agent. It handles the rest.

  1. Tell your agent to sign up with Keep My Claw — e.g. "Hey, can you use keepmyclaw to back yourself up?"
  2. Agent subscribes via keepmyclaw.com and obtains an API key
  3. Agent installs the keepmyclaw skill — or follows the manual setup below
  4. Agent configures encryption passphrase, agent name, and schedules backups
  5. Agent runs first backup to verify everything works

That's it. The entire process is agent-driven. Your agent handles subscription, configuration, encryption, and scheduling. You just ask — it does the rest. Manual instructions below are for agents without skill support.

Ready now? Skip the homepage detour.

The only live buyer-intent signal so far came from docs getting-started. If this page already convinced you, go straight to checkout from here and keep the docs attribution attached.

See full pricing details Request setup help
This removes one extra step between docs intent and payment while preserving docs attribution on the checkout session.

Need proof before you pay? Read the shortest trust-building guides next: getting started without guesswork, how to prove the first backup worked, how restore holds up on a new machine, and how to verify Hermes cron jobs after restore.

Sanity Check Your API Key First

Before you touch encryption or tarballs, make sure the API key from the success page actually works:

# Confirm your API key is live and see remaining storage
curl -H "Authorization: Bearer YOUR_API_KEY" \
  https://api.keepmyclaw.com/v1/account

You should get JSON back. If you do, your account is live and you're ready to create your first backup.

Then Prove Backup + Listing Work

After your first upload, list snapshots immediately to confirm the backup landed where you expect:

# After uploading your first backup, confirm it exists
curl -H "Authorization: Bearer YOUR_API_KEY" \
  https://api.keepmyclaw.com/v1/agents/YOUR_AGENT_NAME/backups

Fastest path to first value: /v1/account works, first backup upload succeeds, snapshots list returns your new backup. Three checks, zero ambiguity.

What Success Looks Like

After a healthy upload, Keep My Claw should return JSON confirming the backup was stored. Then the list endpoint should show the new snapshot ID and timestamp.

# Typical successful upload response
{
  "ok": true,
  "snapshot": {
    "id": "SNAPSHOT_ID",
    "agentName": "YOUR_AGENT_NAME",
    "size": 123456,
    "createdAt": "2026-03-11T02:14:30.000Z"
  }
}

# Typical list response right after the first backup
[
  {
    "id": "SNAPSHOT_ID",
    "createdAt": "2026-03-11T02:14:30.000Z",
    "size": 123456
  }
]

If upload succeeds but the list is empty, something is off. Stop there and investigate before you trust the backup.

Safe Restore Drill

Do one non-destructive restore drill into a temporary directory. This proves you can decrypt and unpack the backup without overwriting your live agent.

# Restore the latest snapshot into a throwaway directory first
mkdir -p /tmp/keepmyclaw-restore-check && \
cd /tmp/keepmyclaw-restore-check && \
curl -H "Authorization: Bearer YOUR_API_KEY" \
  https://api.keepmyclaw.com/v1/agents/YOUR_AGENT_NAME/backups/latest | \
  openssl enc -d -aes-256-cbc -pbkdf2 -iter 100000 -pass pass:YOUR_PASSPHRASE | \
  tar xzf -

You should see your workspace files appear in /tmp/keepmyclaw-restore-check. If that works, you don't just have a backup, you have a usable recovery path.

API Reference

Base URL: https://api.keepmyclaw.com

Authentication: Include Authorization: Bearer <api_key> in all requests.

Endpoints

Method Endpoint Description
POST /v1/agents/:name/backups Upload encrypted backup. Body = raw bytes. Set Content-Type: application/octet-stream.
GET /v1/agents/:name/backups List all snapshots for an agent. Returns JSON array of snapshot objects.
GET /v1/agents/:name/backups/:id Download a snapshot. Use latest as :id for the most recent.
DELETE /v1/agents/:name/backups/:id Delete a specific snapshot.
GET /v1/agents List all agents under this account.
GET /v1/account Account info, usage stats, and storage remaining.

Error Codes

401
Unauthorized — invalid or missing API key
403
Forbidden — LIMIT_EXCEEDED (storage or snapshot limit reached)
404
Not found — agent or snapshot doesn't exist
413
Payload too large — backup exceeds maximum allowed size

Manual Backup

If you're not using the keepmyclaw skill, run this to create and upload an encrypted backup. The command below is an OpenClaw example; for Hermes, package the equivalent workspace, memory, skills, scripts, cron definitions, browser profile files, config, and credentials your agent depends on.

# Create encrypted backup and upload in one command
tar czf - ~/.openclaw/workspace/ ~/.openclaw/openclaw.json ~/.openclaw/credentials/ | \
  openssl enc -aes-256-cbc -salt -pbkdf2 -iter 100000 -pass pass:YOUR_PASSPHRASE | \
  curl -X POST \
    -H "Authorization: Bearer YOUR_API_KEY" \
    -H "Content-Type: application/octet-stream" \
    --data-binary @- \
    https://api.keepmyclaw.com/v1/agents/YOUR_AGENT_NAME/backups

What gets backed up: Your workspace, memory, skills, projects, scripts, schedules, main config, and credentials. For OpenClaw that often includes SOUL.md, memory files, ClawVault structured memory, and openclaw.json. For Hermes, include the corresponding agent workspace, cron definitions, scripts, browser profile state if relevant, config, and encrypted credentials.

Restore

Download and decrypt the latest backup to restore your agent's full state:

# Download latest backup, decrypt, and extract
curl -H "Authorization: Bearer YOUR_API_KEY" \
  https://api.keepmyclaw.com/v1/agents/YOUR_AGENT_NAME/backups/latest | \
  openssl enc -d -aes-256-cbc -pbkdf2 -iter 100000 -pass pass:YOUR_PASSPHRASE | \
  tar xzf - -C /

To restore a specific snapshot, replace latest with the snapshot ID from the list endpoint.

Scheduling Automatic Backups

Set up a cron job to back up your agent automatically. Example: daily at 3 AM. Adjust the packaged paths for your OpenClaw or Hermes installation.

# Edit crontab
crontab -e

# Add this line (daily at 3:00 AM)
0 3 * * * tar czf - ~/.openclaw/workspace/ ~/.openclaw/openclaw.json ~/.openclaw/credentials/ | \
  openssl enc -aes-256-cbc -salt -pbkdf2 -iter 100000 -pass pass:YOUR_PASSPHRASE | \
  curl -s -X POST -H "Authorization: Bearer YOUR_API_KEY" \
    -H "Content-Type: application/octet-stream" \
    --data-binary @- \
    https://api.keepmyclaw.com/v1/agents/YOUR_AGENT_NAME/backups

Tip: The keepmyclaw skill handles scheduling for you, including smart backups that only trigger when files have actually changed.

For Humans

What you're paying for, in plain English.

What Gets Backed Up

Your OpenClaw or Hermes agent builds up identity, memory, skills, scripts, schedules, credentials, and workspace projects over time. If the machine dies, all of that is gone. Keep My Claw ensures it isn't.

  • Core identity — SOUL.md, AGENTS.md, USER.md, IDENTITY.md, TOOLS.md, HEARTBEAT.md, MEMORY.md
  • Daily memory — everything in memory/
  • ClawVault structured memory — ledger, observations, reflections, preferences, decisions, patterns, people, projects, goals, and all other vault categories
  • Config & credentials — framework config, auth tokens, encrypted credentials, and any Hermes scripts or browser profile state your agent needs to resume work

Zero-Knowledge — We Can't See Your Data

Your agent encrypts everything before it leaves your machine using a passphrase only you and your agent know. What we store is an encrypted blob — meaningless without the key. We never see your agent's memories, credentials, or personality. We can't.

How to Get Started

  1. Tell your agent to sign up with Keep My Claw — that's it
  2. Your agent subscribes, gets an API key, picks a passphrase, and configures everything
  3. Save the passphrase your agent gives you — write it down somewhere safe. Lost passphrase = lost data.
  4. Backups run automatically from there

Security

  • Client-side AES-256-CBC encryption with PBKDF2 key derivation (100,000 iterations)
  • We never see your data. Encryption happens on your machine before upload.
  • All traffic over HTTPS. TLS in transit, encrypted at rest.
  • Passphrase responsibility: We don't store your passphrase. If you lose it, your backups are unrecoverable. This is by design — it's what makes the system zero-knowledge.

Important: Write down your encryption passphrase and store it securely. There is no password reset. Lost passphrase = permanently lost data.

Pricing

Launch pricing is available now.

  • Monthly: $9/mo$5/mo
  • Annual: $108/yr$19/yr ($1.60/mo — 82% off)

Both plans include:

  • 100 agents — back up as many as you run
  • 30 snapshots per agent — roll back to any point
  • 1 GB storage — plenty for agent workspaces
  • Zero-knowledge encryption — always
  • Priority support

Launch pricing locks in your rate for as long as you stay subscribed. When we raise prices, you keep your launch rate.

Subscribe from pricing Need setup help first?
These links preserve docs attribution, so the next real buyer tells us whether the docs page is actually producing revenue instead of just reading time.