OpenClaw emergency checklist

My AI agent deleted, sent, spent, or ran something it should not have.

First, stop the bleeding. Then preserve evidence, recover what you can, rotate anything exposed, and let HaltState AI create approval and deny policies before the agent gets tools again.

First five minutes

Do these before trying to debug the model. Incidents get worse when the agent is still connected to tools.

Stop the agent runtime

Kill the process, pause the scheduler, disable the webhook, or revoke the automation token. Confirm no worker is still retrying failed tool calls.

Disconnect the dangerous integration

Remove write access for email, file storage, shell, database, cloud, payment, CRM, or ticketing systems touched by the agent.

Preserve logs before cleanup

Save prompts, tool calls, stdout/stderr, API request IDs, database logs, inbox activity, and cloud audit events.

Rotate secrets if files or env were exposed

Assume API keys, SSH keys, tokens, and database credentials are compromised if the agent could read or transmit them.

Restore from the system of record

Use provider trash, backups, point-in-time recovery, git history, database WAL/binlogs, or vendor support before overwriting evidence.

What happened?

Pick the blast radius and lock that surface first.

Email was deleted or sent

  • Revoke the agent's mailbox token.
  • Check trash, archive, rules, forwarding, and sent mail.
  • Export mailbox audit logs before restoring.
  • Add approval for delete, send, forward, and rule changes.

Files were deleted or modified

  • Stop sync clients to avoid propagating damage.
  • Check recycle bin, snapshots, version history, and backups.
  • Hash preserved copies before editing them.
  • Restrict agents to a sandbox path.

A database was changed

  • Remove write credentials from the agent.
  • Snapshot the current database state.
  • Use point-in-time recovery or transaction logs.
  • Require break-glass approval for destructive SQL.

Shell commands ran

  • Capture shell history, process logs, and modified files.
  • Inspect cron, services, authorized_keys, and startup scripts.
  • Rotate secrets if home, env, or project files were readable.
  • Block commands outside approved directories.

Money or API spend happened

  • Disable the billing key or vendor token.
  • Set a hard spend cap before re-enabling access.
  • Export invoice, usage, and request logs.
  • Require human approval for any write that spends more than zero dollars.

You are not sure

  • Treat it as a write incident until proven otherwise.
  • Disable all agent write tools.
  • Search logs for delete, update, send, transfer, exec, and push.
  • Restart only with policy gates in front.
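
One way to run the log search from the list above over preserved tool-call logs and see which surface to lock first. This is an added example, not code from OpenClaw or HaltState; the JSON-lines format, the `ts`/`tool`/`params` field names, and the sample events are constructed assumptions.

```python
import json
import re
from collections import defaultdict

# Write verbs from the checklist item above. Lookarounds instead of \b so that
# "email_send" matches but "sender" and "updated_at" do not.
WRITE_VERBS = re.compile(
    r"(?<![A-Za-z])(?:delete|update|send|transfer|exec|push)(?![A-Za-z])",
    re.IGNORECASE,
)

# Constructed sample log: one JSON object per line (assumed format).
SAMPLE_LOG = """\
{"ts": "2025-01-01T10:00:01Z", "tool": "email.search", "params": {"query": "invoice"}}
{"ts": "2025-01-01T10:00:04Z", "tool": "email.delete", "params": {"ids": ["m1", "m2"]}}
{"ts": "2025-01-01T10:00:09Z", "tool": "database.query", "params": {"sql": "UPDATE users SET active = 0"}}
{"ts": "2025-01-01T10:00:12Z", "tool": "database.query", "params": {"sql": "SELECT count(*) FROM users"}}
{"ts": "2025-01-01T10:00:15Z", "tool": "shell.exec", "params": {"command": "git push origin main"}}
not-json: worker restarted
"""

def triage(log_text):
    """Group write-like tool calls by surface (tool name before the first dot)."""
    hits = defaultdict(list)
    unparsed = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        if not line.strip():
            continue
        try:
            event = json.loads(line)
            tool = str(event["tool"])
        except (json.JSONDecodeError, KeyError, TypeError):
            unparsed.append(lineno)  # keep for manual review, never drop silently
            continue
        # Search the tool name and its parameters: a read-looking tool such as
        # database.query can still carry an UPDATE statement.
        haystack = tool + " " + json.dumps(event.get("params", {}))
        verbs = sorted({m.lower() for m in WRITE_VERBS.findall(haystack)})
        if verbs:
            hits[tool.split(".")[0]].append((event.get("ts"), tool, verbs))
    return dict(hits), unparsed

if __name__ == "__main__":
    surfaces, skipped = triage(SAMPLE_LOG)
    for surface, events in surfaces.items():
        print(surface, events)
    print("lines needing manual review:", skipped)
```

Run it against a copy of the preserved logs, not the originals, and treat every unparsed line as unreviewed rather than clean.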

Minimum controls before restarting OpenClaw

Do not rely on another instruction prompt. Use HaltState AI, the policy wizard, or the in-site support agent to create policy drafts, review them, then enforce the accepted policies outside the model.

[
  {
    "name": "Require approval for email sends",
    "action_pattern": "email.send",
    "effect": "APPROVAL_REQUIRED",
    "priority": 80
  },
  {
    "name": "Block dangerous shell commands",
    "action_pattern": "shell.*",
    "effect": "DENY",
    "conditions": [
      {"path": "params.command", "op": "matches", "value": "rm -rf|mkfs|dd if=|chmod -R|chown -R"}
    ],
    "priority": 95
  },
  {
    "name": "Require approval for database changes",
    "action_pattern": "database.*",
    "effect": "APPROVAL_REQUIRED",
    "priority": 85
  }
]

Before the next tool call, add HaltState.

HaltState gives OpenClaw a policy gate, approval queue, global stop, and proof trail for every action that matters. HaltState AI can create the starter policies for you.
