Config Rollback
Review
Audited by ClawScan on May 1, 2026.
Overview
The skill matches its stated rollback purpose, but it installs a scheduled background task that can automatically change OpenClaw configuration and restart the gateway.
This appears to be a legitimate OpenClaw config rollback helper. Before installing, be comfortable with a cron job that runs every minute, can overwrite ~/.openclaw/openclaw.json from a backup, and can restart the OpenClaw gateway. Review the cron entry and avoid putting secrets in the persistent verification notes.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the timeout condition is met, the skill may revert your OpenClaw configuration and restart the gateway without asking again.
The guardian can overwrite the active OpenClaw configuration from a backup and restart the gateway automatically. This is central to the rollback purpose, but it is a high-impact local action.
cp $backup_file $CONFIG
openclaw gateway restart >> $LOG 2>&1
Use the prepare script only before intentional config changes, understand the 5-minute rollback window, and confirm the selected backup is the one you want.
A scheduled task will remain active after installation and can act whenever the rollback state file exists.
The installer adds a persistent cron task that runs the rollback guardian every minute. The behavior is disclosed and purpose-aligned, but it is continuing background automation.
(crontab -l 2>/dev/null | grep -v "rollback-guardian"; echo "*/1 * * * * $OPENCLAW_DIR/scripts/rollback-guardian.sh") | crontab -
Check your crontab after installation and remove the rollback-guardian entry if you no longer want automatic rollback protection.
Installation does more than an instruction-only skill might imply: it copies executable scripts and configures scheduled execution.
The package includes a local installer that copies and enables scripts even though the registry says there is no install spec. The script is visible in the artifacts, but the install behavior is not fully represented by the registry metadata.
cp $SCRIPT_DIR/*.sh $OPENCLAW_DIR/scripts/
chmod +x $OPENCLAW_DIR/scripts/prepare-config-change.sh
Review the install script before running it. The publisher should declare the installer behavior and cron dependency in metadata.
Text entered during setup can persist in OpenClaw documentation and may influence later agent behavior if that file is used as context.
The prepare script appends the user-provided change description and verification items into a persistent Markdown document that may later be read as task context.
VERIFICATION_FILE=~/.openclaw/workspace/docs/PENDING_VERIFICATION.md
cat >> $VERIFICATION_FILE << EOF
Do not put secrets or untrusted instructions in verification items, and periodically review PENDING_VERIFICATION.md.
