Configure File Write And Recovery
PassAudited by VirusTotal on May 3, 2026.
Overview
Type: OpenClaw Skill Name: configure-file-write-and-recovery Version: 1.0.0 The skill provides instructions and a script (`scripts/write_config.py`) to perform arbitrary file writes to a gateway's configuration path, which is a high-risk capability. It explicitly encourages using Python to bypass standard system tools (`write` or `cat heredoc`) that might be subject to system integrity checks or automatic restoration. While the stated intent is configuration management, the lack of path sanitization and the method of bypassing system controls represent a significant security risk. Additionally, the use of `subprocess.run(['exec', 'cat', ...])` is technically flawed and likely to fail in standard environments, suggesting either a vulnerability or poorly tested code.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If run against the wrong path or with unsuitable model IDs, the agent could overwrite important gateway configuration and cause the gateway or model routing to fail after restart.
The helper script directly overwrites a configuration file and then invokes an exec-style command. This is consistent with the skill’s purpose, but it is high-impact and lacks visible safeguards such as backup, path validation, dry-run, confirmation, or rollback.
with open('/path/to/config/file', 'w') as f:
f.write(config_content)
subprocess.run(['exec', 'cat', '/path/to/config/file'])Only use this after confirming the exact config path and intended contents, make a backup first, prefer a merge/update workflow over whole-file overwrite, and require explicit user approval before writing or restarting the gateway.
The agent may need access to provider or gateway APIs to validate model IDs, which could expose account capabilities if overly broad credentials are used.
The skill says API access is needed to query actual model IDs. That is purpose-aligned, but users should treat any API credential or account access as sensitive.
- API 访问权限
Use the least-privileged API access available, avoid sharing long-lived tokens in chat, and verify which account or gateway endpoint the agent will query.
The user may not have the referenced model-ID mapping file, or may rely on an unreviewed mapping from elsewhere.
The skill references a companion mapping file that is not present in the provided manifest, so that referenced data source cannot be reviewed here.
- `references/model_id_mapping.txt` — 用户提供的模型名称与实际 API ID 的映射表
Do not trust absent or external mapping data blindly; query the authoritative API directly and verify model IDs before writing configuration.