RescueClaw
Warn
Audited by ClawScan on May 10, 2026.
Overview
RescueClaw has a coherent safety purpose, but it under-discloses a post-install external daemon download and an automatic rollback mechanism that can change OpenClaw state without clear bounds.
Install only if you trust the RescueClaw maintainer and GitHub release binary. Before use, verify what the daemon backs up and restores, confirm how to stop it or clear checkpoints, and consider waiting for signed/checksummed releases and clearer install metadata.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill may place and later run a binary that was not included in the reviewed artifact set.
The installer retrieves and unpacks an external executable at install time, and the provided artifacts do not show checksum, signature, or reproducible-build verification.
const url = `https://github.com/${REPO}/releases/download/v${VERSION}/${tarName}`; ... execSync(`curl -fsSL "${url}" -o "${tmpFile}"`); execSync(`tar xzf "${tmpFile}" -C "${installDir}"`);
Require a declared install spec, pinned checksums or signatures, clear binary provenance, and matching documented/installed versions before trusting the daemon.
A user may expect only instructions, while installation can run setup code that creates directories, downloads a binary, and modifies the user's PATH-adjacent ~/.local/bin area.
The package is configured to run an installation hook, even though the registry section says there is no install spec and presents the skill as instruction-only.
"clawhub": { "category": "safety", "postInstall": "install.js" }
Make the post-install behavior explicit in registry metadata and require user confirmation before executing install scripts or installing executables.
A liveness issue or mis-set rollback window could unexpectedly revert OpenClaw configuration, gateway, or skill changes.
The skill describes autonomous rollback by a daemon/watchdog, but does not define exact trigger conditions, affected paths, maximum rollback window, logs, or user approval before restore.
If the agent becomes unresponsive within the rollback window, RescueClaw will immediately restore from the checkpoint backup.
Document and enforce rollback scope, maximum windows, confirmation controls, audit logs, and a clear way to disable or clear pending rollbacks.
Local backups may retain copies of configuration or operational state after the original risky operation is complete.
The skill stores persistent local backup/checkpoint data; the artifacts do not specify exactly what data is captured, how long it is retained, or whether configuration secrets could be included.
RescueClaw will take an immediate backup. ... Data is stored in `~/.openclaw/rescueclaw/`
Inspect the backup directory, clean old backups when no longer needed, and prefer documentation that states backup contents, permissions, and retention.
