Claw Seatbelt
Audited by ClawScan on May 10, 2026.
Overview
This appears to be a simple local rollback helper, but it can overwrite your OpenClaw config and force-restart the Gateway more broadly than the description promises.
Install only if you are comfortable with a script changing ~/.openclaw/openclaw.json and force-restarting OpenClaw Gateway. Use it manually in a confirmed config-change/backup window, verify the backup first, and avoid background scheduling until the trigger, timing, and confirmation safeguards match the documentation.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If this runs at the wrong time, or if the status check fails for a transient reason, your Gateway config could be reverted and the Gateway restarted unexpectedly.
Any invocation that sees the Gateway as non-active immediately overwrites the active OpenClaw config and force-restarts the Gateway, with no confirmation, backup-script-context check, or validation that the outage was caused by the current config change.
if ! openclaw gateway status --json | grep -q ...; then ... cp "$LATEST_BACKUP" "$CONFIG_FILE" ... openclaw gateway restart --force
Require explicit user approval before rollback, verify that the script is running in a narrow post-config-change window, validate the backup, and avoid --force unless the user confirms.
Users may rely on safety limits that are not actually enforced by the included script.
The documentation promises backup-script-only activation and a 10-second recovery window, but the provided script contains no backup-script gate and performs rollback immediately after a failed status check.
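**On-demand protection**: triggers only when the backup script is run ... **10-second invincibility insurance**: if the Gateway cannot recover within 10 seconds after a config change, automatically roll back to the latest backup and restart.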
Either update the implementation to enforce the documented trigger and 10-second wait, or update the documentation to clearly state that the script rolls back immediately whenever it is invoked and the Gateway is not active.
A stale, incorrect, or otherwise bad backup can become the active Gateway config and affect the whole OpenClaw Gateway session.
The script trusts the newest matching backup file solely by timestamp/name and makes it the live Gateway configuration before restarting.
LATEST_BACKUP=$(ls -t "$BACKUP_DIR"/openclaw-*.json 2>/dev/null | head -n 1) ... cp "$LATEST_BACKUP" "$CONFIG_FILE"
Validate backup integrity and contents, let the user select or confirm the backup, and keep a clear rollback path if the restored backup is also bad.
You have less assurance about provenance and compatibility, and the script may fail or behave unexpectedly if the OpenClaw CLI is unavailable or different from expected.
The skill ships a shell script that depends on local OpenClaw CLI behavior, but provenance is limited and runtime binaries are not declared. This is a verification note, not evidence of hidden malicious code.
Source: unknown; Homepage: none; Required binaries (all must exist): none
Verify the included script before use, confirm the publisher/source, and declare required binaries such as the OpenClaw CLI and shell utilities.
