Configure File Write And Recovery
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill is aligned with editing gateway configuration, but it promotes overwriting persistent config files with exec/Python without clear backup, approval, or rollback safeguards.
Review this skill before use. It may be useful for gateway configuration issues, but do not let it write files or restart a gateway automatically. Confirm the real config path, back up the current file, validate the model IDs from the official API, and require explicit approval for any write or reboot action.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If run against the wrong path or with unsuitable model IDs, the agent could overwrite important gateway configuration and cause the gateway or model routing to fail after restart.
The helper script directly overwrites a configuration file and then invokes an exec-style command. This is consistent with the skill’s purpose, but it is high-impact and lacks visible safeguards such as backup, path validation, dry-run, confirmation, or rollback.
with open('/path/to/config/file', 'w') as f:
f.write(config_content)
subprocess.run(['exec', 'cat', '/path/to/config/file'])Only use this after confirming the exact config path and intended contents, make a backup first, prefer a merge/update workflow over whole-file overwrite, and require explicit user approval before writing or restarting the gateway.
The agent may need access to provider or gateway APIs to validate model IDs, which could expose account capabilities if overly broad credentials are used.
The skill says API access is needed to query actual model IDs. That is purpose-aligned, but users should treat any API credential or account access as sensitive.
- API 访问权限
Use the least-privileged API access available, avoid sharing long-lived tokens in chat, and verify which account or gateway endpoint the agent will query.
The user may not have the referenced model-ID mapping file, or may rely on an unreviewed mapping from elsewhere.
The skill references a companion mapping file that is not present in the provided manifest, so that referenced data source cannot be reviewed here.
- `references/model_id_mapping.txt` — 用户提供的模型名称与实际 API ID 的映射表
Do not trust absent or external mapping data blindly; query the authoritative API directly and verify model IDs before writing configuration.