Clawreverse

The ClawReverse skill bundle provides session checkpointing, rollback, and branching capabilities for OpenClaw. It exhibits high-risk behaviors, including the execution of system binaries (git, tar, and the openclaw CLI) via child_process.execFile and spawn in dist/native/cli.js and dist/services/checkpoint-manager.js. Furthermore, the plugin programmatically modifies the global openclaw.json configuration file to register new agents during branching operations (dist/native/runtime.js). While these capabilities are aligned with the stated purpose of session management and state recovery, the combination of binary execution and configuration modification represents a significant attack surface. No evidence of intentional malice, data exfiltration, or obfuscation was identified.