Clawreverse

Review

Audited by ClawScan on May 10, 2026.

Overview

ClawReverse appears purpose-aligned for OpenClaw checkpoint and rollback work, but it installs a native plugin that can store snapshots, restore files, use gateway auth, and start child sessions.

Install this only if you need OpenClaw session recovery or branching. Before rollback, verify the exact agent, session, and checkpoint; use --restore-workspace only with explicit approval. Treat checkpoints as local copies of your work, manage old checkpoint data, and be careful with gateway credentials and child continuation runs.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing enables plugin code inside OpenClaw, including lifecycle hooks.

Why it was flagged

The skill is not just instructions; it directs the user/agent to install a native OpenClaw plugin from the local skill bundle.

Skill content

    openclaw plugins install -l "{baseDir}"

Recommendation

Install only from the reviewed bundle or trusted homepage, and inspect plugin metadata/source before enabling it in OpenClaw.

What this means

Choosing the wrong checkpoint or target could overwrite current local work.

Why it was flagged

Workspace restore is implemented by removing the destination path and copying checkpoint contents back.

Skill content

    export async function replacePathWithCopy(sourcePath, destinationPath, kind) {
      await removePath(destinationPath);
      ...
      await fs.cp(sourcePath, destinationPath, {
          recursive: true,
          force: true,
          preserveTimestamps: true
        });

Recommendation

Confirm the agent, session, checkpoint, and workspace before rollback; use --restore-workspace only when the user explicitly wants on-disk files restored.

What this means

A child continuation may consume tokens/resources and make changes in its own workspace.

Why it was flagged

The skill can intentionally create another OpenClaw agent/session branch to continue work from a checkpoint.

Skill content

`continue` requires a non-empty `--prompt` and creates a **new child agent, new workspace, and new session**, leaving the parent untouched.

Recommendation

Use continue only for a user-requested branch, provide a bounded prompt, and inspect or stop the child run if it behaves unexpectedly.

What this means

The plugin acts with the user's OpenClaw gateway privileges when performing rollback/branching operations.

Why it was flagged

The plugin can use configured OpenClaw gateway token/password values or related environment variables to authenticate CLI/gateway operations.

Skill content

    options.token,
    useRemoteAuth ? api?.config?.gateway?.remote?.token : api?.config?.gateway?.auth?.token,
    process.env.OPENCLAW_GATEWAY_TOKEN
    ...
    process.env.OPENCLAW_GATEWAY_PASSWORD

Recommendation

Use the least-privileged OpenClaw gateway credentials available and avoid exposing OpenClaw config or logs containing auth details.

What this means

Workspace or session contents, including secrets accidentally present in the workspace, may remain in local checkpoint storage after the original files change.

Why it was flagged

The plugin persists checkpoint, registry, runtime, and report data locally, with up to 100 checkpoints per session by default.

Skill content

    checkpointDir: "~/.openclaw/plugins/clawreverse/checkpoints",
    registryDir: "~/.openclaw/plugins/clawreverse/registry",
    runtimeDir: "~/.openclaw/plugins/clawreverse/runtime",
    reportsDir: "~/.openclaw/plugins/clawreverse/reports",
    maxCheckpointsPerSession: 100

Recommendation

Avoid placing secrets in checkpointed workspaces, review retention needs, and clean old ~/.openclaw/plugins/clawreverse data when no longer needed.