OpenClaw Recovery Drill

Pass

Audited by ClawScan on May 10, 2026.

Overview

The skill coherently runs a local readiness audit for OpenClaw backups and recovery, with no evidence of exfiltration, credential use, persistence, or destructive behavior.

This looks safe to install for a recovery-readiness check. Be aware that it runs a local Node.js script and prints workspace and backup path metadata, so run it only on intended OpenClaw directories and avoid sharing the output if those paths or backup names are sensitive.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The script can reveal local path names, backup root existence, and backup artifact names in its JSON output, but only for the selected or common OpenClaw locations.

Why it was flagged

The skill asks the agent/user to run a local script against workspace and backup paths. Local command execution and filesystem inspection are central to the recovery-readiness purpose and are disclosed.

Skill content

node {baseDir}/scripts/recovery-drill.mjs --workspace /absolute/path/to/workspace --backup-root /absolute/path/to/backups

Recommendation

Run it only against workspaces and backup roots you intend to audit, and review the JSON output before sharing it.

What this means

Users may not realize Node.js is needed or that the skill includes a runnable audit script despite being described as instruction-only.

Why it was flagged

The registry metadata under-declares the runtime expectation: the skill includes runnable code and the docs invoke Node.js, even though no required binary is declared. The code is included for review and appears purpose-aligned.

Skill content

No install spec — this is an instruction-only skill; Code file presence: 2 code file(s): scripts/recovery-drill.mjs, tests/test.mjs; Required binaries: none

Recommendation

Confirm Node.js is available, inspect the included script if desired, and prefer running the documented command manually for the first use.