Free OpenClaw checklist

Before updating OpenClaw, make the rollback boring.

Use this free packet before an OpenClaw update, provider/auth change, plugin install, doctor --fix repair, or gateway restart. Native OpenClaw backup creates the archive; this checklist makes you capture the operator workflow around it: labels, before-state proof, smoke tests, and a rollback trigger.

Copy the free checklist ↓Make it repeatable with Safety Net →

Source-backed operator pains

Backup before update

A broad stabilization release can still expose local drift, so the operator job is to snapshot first and smoke-test the paths actually used.

Source: OpenClaw v2026.5.12 release note →

Config/provider change

Doctor/model-status work helps reveal plaintext-secret and pinned-model surprises, but provider route changes still need a small canary before unattended work resumes.

Source: OpenClaw v2026.5.20 release note →

doctor --fix risk

A repair command can look clean while auth/profile state still disagrees with the gateway; trust a real gateway/auth smoke test, not the repair command alone.

Source: Gateway token mismatch field report + OpenClaw issue →

Gateway smoke after update

Reachability and auth mode matter after every gateway restart, Tailscale exposure change, token rotation, or shared-network update.

Source: OpenClaw gateway hardening commit →

Beta plugin/skill policy change

This beta moves plugin and skill installs to an operator install policy, so treat marketplace/source/archive installs as canary paths that need explicit prompts, policy checks, and rollback proof.

Source: OpenClaw v2026.6.2-beta.1 release note →

The pre-update checklist

1. Write down what will change: OpenClaw version, package source, plugin, provider/auth route, gateway mode, or config file path.

2. Create a native OpenClaw backup archive and verify it before editing anything.

3. Capture the current version, doctor/model/gateway status, and one known-good tiny task result.

4. Apply the update or config/provider change in the smallest slice possible; avoid mixing an OpenClaw update with plugin and auth changes unless you have to.

5. For beta releases that touch plugin or skill install policy, canary one package/archive/source/marketplace install path and record the exact operator prompt or policy result.

6. Run doctor/status checks, then a real smoke test for each path you actually use: gateway, provider auth, cron, Telegram/Discord, browser, plugin, or local model.

7. Keep the previous backup label and rollback note until one normal agent run completes without hidden auth, gateway, or model drift.

Where Safety Net starts

Native OpenClaw backup is the archive engine. OpenClaw Safety Net is the operator workflow layer around that archive: what to label, what to smoke-test, what proves the change is safe, and when to restore instead of improvising.

Pre-change checklist for updates, config edits, provider swaps, and experiments.
Restore drill and incident rollback worksheet for bad days.
Gateway auth-change worksheet for shared-network or Tailscale exposure fixes.
Config snapshot and smoke-test records that avoid copying secret values.

What the $9 Safety Net pack adds

Use the free checklist first. Buy Safety Net when this needs to become a repeatable operating habit rather than a one-off note.

Use the free checklist when

you are doing a one-off update and can write the backup label, smoke result, and rollback trigger in your own notes.

Buy Safety Net when

the setup matters tomorrow: shared gateway access, provider/auth changes, cron or unattended agents, customer-facing workflows, or another operator who needs the restore path.

Do not buy yet if

you have not run the free backup command or you are looking for live support; start with the checklist and only make it repeatable if the workflow earns it.

README and CONTENTS map so you can find the right restore path under pressure.
pre-change-checklist.md, smoke-test-checklist.md, and incident-rollback-worksheet.md for repeatable before/after proof.
gateway-auth-change-checklist.md: gateway auth-change worksheet for Tailscale or shared-network exposure fixes.
restore-drill.md plus example-restore-transcript.md so the first restore is practiced before an outage.
restore-drill-proof-card.md for the buyer-visible pass/fail record: archive verified, restore completed, smoke test passed, and time back to green.
backup-openclaw.sh, restore-openclaw.sh, prechange-snapshot.sh, and config-diff-snapshot.sh as editable helper scripts.

View OpenClaw Safety Net →

Copy/paste packet

Paste this into your update note before changing OpenClaw. Do not paste raw tokens, private download URLs, customer data, or secret-bearing config values.

before-updating-openclaw.md

Before updating OpenClaw checklist

1. Change planned:
   - OpenClaw version/package:
   - Config/provider/plugin/gateway path touched:
   - Why now:

2. Native backup archive:
   openclaw backup create --verify
   - Archive label/location:
   - Verification result:

3. Before-state proof:
   openclaw --version
   openclaw doctor
   openclaw models status
   openclaw gateway status --json
   - Known-good tiny task:

4. After-change smoke:
   - Provider/auth route: pass/fail/not used
   - Gateway reachable and authorized only as intended: pass/fail/not used
   - Plugin/skill install policy prompt behaved as expected: pass/fail/not used
   - Plugin or channel path used by agents: pass/fail/not used
   - Cron/unattended path: pass/fail/not used

5. Rollback trigger:
   - What failure sends you back to the backup:
   - Restore drill or rollback owner:
   - Do not delete the old token/config/archive until this passes.