diff --git a/roles/openclaw/tasks/openclaw.yml b/roles/openclaw/tasks/openclaw.yml
index 4f1a361..c8327e6 100644
--- a/roles/openclaw/tasks/openclaw.yml
+++ b/roles/openclaw/tasks/openclaw.yml
@@ -32,6 +32,20 @@
 - { path: "{{ openclaw_config_dir }}/agents/main/agent", mode: '0700' }
 - { path: "{{ openclaw_config_dir }}/workspace", mode: '0755' }
 
+# Stat BEFORE the create-directories task below — otherwise the non-recursive
+# chown baked into that task would reset ownership on the top-level pnpm dir
+# every run, making the recursive guard below always evaluate false and never
+# repair drift deeper in the subtree.
+- name: Check pnpm subtree ownership (scan for drift before any chown)
+ ansible.builtin.shell:
+ cmd: >-
+ find {{ openclaw_home }}/.local/share/pnpm -not -user {{ openclaw_user }}
+ -o -not -group {{ openclaw_user }} 2>/dev/null | head -n 1
+ register: pnpm_ownership_drift
+ changed_when: false
+ failed_when: false
+ check_mode: false
+
 - name: Create pnpm directories
 ansible.builtin.file:
 path: "{{ item }}"
@@ -44,7 +58,7 @@
 - "{{ openclaw_home }}/.local/share/pnpm/store"
 - "{{ openclaw_home }}/.local/bin"
 
-- name: Ensure pnpm directories have correct ownership
+- name: Ensure pnpm directories have correct ownership (recursive, only on drift)
 ansible.builtin.file:
 path: "{{ openclaw_home }}/.local/share/pnpm"
 state: directory
@@ -52,6 +66,7 @@
 group: "{{ openclaw_user }}"
 recurse: true
 mode: '0755'
+ when: pnpm_ownership_drift.stdout | default('') | length > 0
 
 - name: Configure pnpm for openclaw user
 ansible.builtin.shell:
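Review bot: The drift probe added in the first hunk fails open: `2>/dev/null`, the `| head -n 1` pipe (whose exit status replaces find's) and `failed_when: false` together mean that a find error, for example a missing or unreadable path, yields empty stdout, which the `when:` added in the last hunk reads as "no drift" and so skips the ownership repair. Letting find report its own status, e.g. `\( -not -user {{ openclaw_user }} -o -not -group {{ openclaw_user }} \) -print -quit` with no pipe, and guarding the repair with `when: pnpm_ownership_drift.rc != 0 or (pnpm_ownership_drift.stdout | default('') | length > 0)` would make an inconclusive scan trigger the repair instead of suppressing it. The two templated values are also interpolated into the shell command unquoted; `{{ openclaw_user | quote }}` and a quoted path keep a space or shell metacharacter in either variable from changing the command that runs.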
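Review bot: The `when:` added in the last hunk tests only owner and group, but the task it guards also applies `mode: '0755'` with `recurse: true`, so permission drift in the pnpm subtree is no longer corrected on runs where ownership is intact. If that is intended, a comment above the condition such as `# mode is only re-applied when ownership drift triggers this task` would record it; otherwise the probe needs a permission test alongside the owner and group tests. The task's opening lines are outside this hunk.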