Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

OpenClaw Guard

Guard script for configuration file changes: automatic backup before dangerous operations, one-command rollback

MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description claim a local backup-and-rollback guard which is consistent with the provided guard.sh. However the code expects and invokes commands not declared in the metadata: systemctl, an openclaw CLI subcommand (openclaw message send), and optionally curl/nc. The script also contains a scripts/config/settings.yaml that enables Feishu notifications to a hard-coded Open ID by default (/home path and feishu_enabled: true). Requesting the ability to contact a remote collaborator via openclaw/Feishu is not documented in the skill metadata and is disproportionate to a pure local backup/rollback helper.
Instruction Scope
SKILL.md instructs users to run the included scripts and to modify AGENTS.md and crontab; the script backs up listed config files and may restart the Gateway. The runtime instructions and script also call external APIs/commands: openclaw message send (to deliver notifications), and health checks using curl/nc. The SKILL.md suggests backing up 'any system configuration file' (任何系统配置文件) in examples, which broadens the implied scope. The skill will read/write backup, PID, and log files under ~/.openclaw and may restart services — all expected — but the notification path forwards internal state to an external recipient by default, which is outside the documented local-safety scope.
Install Mechanism
There is no install spec (instruction-only) which minimizes installation footprint, but the bundle includes an executable script (scripts/guard.sh). No network downloads occur at install time, however running the script exercises system services and the openclaw CLI. No extra packages are downloaded by the skill itself.
Credentials
The metadata declares no required env vars or credentials, yet the script depends on $HOME, $WORKSPACE and uses a scripts/config/settings.yaml that hardcodes backup_dir (/home/ljj/...) and feishu_enabled: true with a specific feishu_open_id. The skill will attempt to send messages using 'openclaw message send' to that open id by default. That effectively exfiltrates backup/incident information to an external account unless the user changes the defaults — this is a mismatch between declared and actual required access.
Persistence & Privilege
always is false (normal). The script writes PID files, backups, logs to ~/.openclaw/backups and can restart user/system services via systemctl or the openclaw CLI. Those privileges are consistent with a rollback tool, but they are powerful (service restart, file overwrite). The combination of service-control privileges and default external notifications increases risk if defaults are not inspected.
What to consider before installing

What to check before installing/running:

  1. Inspect and edit scripts/config/settings.yaml (the script loads this file by default). Immediately set feishu_enabled: false or replace feishu_open_id with your own trusted recipient. The provided file enables Feishu notifications to a specific Open ID by default — that will cause the script to send backup/incident info via the local 'openclaw' messaging integration.
  2. Confirm you trust and have the 'openclaw' CLI and its message-sending behaviour; the script uses 'openclaw message send' rather than a local-only log, so it can transmit messages out of your environment.
  3. Verify required tooling: systemctl (or systemctl --user), bash, and optionally curl/nc. The metadata did not list these; make sure these commands exist and that you understand the privileges they require (service restart).
  4. Update backup paths: change hard-coded /home/ljj paths and BACKUP_DIR to directories you control so backups don't go to unexpected locations.
  5. Run tests first: use ./scripts/guard.sh test and ./scripts/guard.sh start with a short timeout in a non-production environment to confirm behavior. Inspect the backup contents and incident_log.txt to ensure no sensitive secrets are included before enabling notifications.
  6. Consider limiting scope: review and, if needed, trim BACKUP_FILES so only necessary files are backed up. The examples and README mention 'any system config file' which could be overly broad.
  7. If you cannot audit the script or do not want any external notifications, do not install/run it or remove the notification/send code paths. If you want to proceed, mark the skill suspicious and change the defaults described above.
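Steps 1 and 4 of the checklist can be scripted. The following is an added example, not code from the skill: it assumes settings.yaml uses flat "key: value" lines, takes the key names feishu_enabled, feishu_open_id and backup_dir from the scan report, and runs against a constructed sample file with placeholder values.

```shell
# Added example, not the skill's code; assumes flat "key: value" lines.
# Prints one FINDING line per risky default. Returns 0 if clean, 1 if any
# finding, 2 if the file cannot be read. Second argument defaults to $HOME.
audit_settings() (
    file=$1
    home=${2:-$HOME}
    status=0
    [ -r "$file" ] || { echo "cannot read: $file" >&2; exit 2; }

    # Drop comments so a commented-out key is not reported.
    body=$(sed 's/[[:space:]]*#.*$//' "$file")

    # 1. Notifications are switched on.
    if printf '%s\n' "$body" | grep -Eiq '^[[:space:]]*feishu_enabled:[[:space:]]*"?(true|yes|on)"?[[:space:]]*$'; then
        echo "FINDING: feishu_enabled is on; incident data would leave this host"
        status=1
    fi

    # 2. A recipient is already filled in.
    id=$(printf '%s\n' "$body" | sed -n 's/^[[:space:]]*feishu_open_id:[[:space:]]*//p' | tr -d "\"'" | head -n 1)
    if [ -n "$id" ]; then
        echo "FINDING: feishu_open_id is preset to '$id'"
        status=1
    fi

    # 3. Absolute paths under someone else's home directory.
    for p in $(printf '%s\n' "$body" | grep -Eo "/home/[^[:space:]\"']+"); do
        case $p in
            "$home"/*) ;;
            *) echo "FINDING: hard-coded path outside $home: $p"; status=1 ;;
        esac
    done
    exit "$status"
)

# Constructed sample input (placeholder values, not the skill's real file).
write_sample_settings() {
    printf '%s\n' 'guard_timeout: 180' \
        'backup_dir: /home/someuser/.openclaw/backups' \
        'feishu_enabled: true' \
        'feishu_open_id: "PLACEHOLDER_OPEN_ID"' > "$1"
}

sample=$(mktemp)
write_sample_settings "$sample"
audit_settings "$sample" /home/me || echo "review these settings before running guard.sh"
rm -f "$sample"
```

A non-zero return means the file should be edited before guard.sh is started for the first time.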

Current version: v1.1.0
Tags: backup, config, latest, safety

SKILL.md

OpenClaw Guard 🛡️

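Automatic backup and rollback before dangerous operations, so the AI cannot crash itself beyond recovery


Overview

When the AI needs to modify configuration files (core files such as openclaw.json, AGENTS.md, SOUL.md), start the guard script. It will:

  1. Automatically back up the current configuration
  2. Wait for the specified time
  3. If the AI recovers successfully, clean up the guard process
  4. If the AI has died, automatically roll back the configuration and restart the Gateway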

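Quick start

1. Install

# Copy into your skills directory
cp -r openclaw-guard $WORKSPACE/skills/

2. Configure (optional)

Edit config/settings.yaml

# Guard time in seconds, default 3 minutes
guard_timeout: 180

# Configuration files to back up
backup_files:
  - ~/.openclaw/openclaw.json
  - $WORKSPACE/AGENTS.md
  - $WORKSPACE/SOUL.md
  - $WORKSPACE/USER.md

# Backup directory
backup_dir: ~/.openclaw/backups

# Gateway service name
gateway_service: openclaw-gateway

3. Usage

Option 1: manual trigger

# Start the guard before the dangerous operation
./scripts/guard.sh start

# Perform the dangerous operation...
openclaw gateway restart

# Stop the guard once it has succeeded
./scripts/guard.sh stop

Option 2: automatic trigger (recommended)

Add a rule to AGENTS.md:

## ⚠️ Dangerous operation rules

Before modifying core configuration files, you must:
1. Start the guard script: ./scripts/guard.sh start
2. Perform the operation
3. Stop it after success: ./scripts/guard.sh stop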

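How it works

AI (main process)                       Guard script (separate process)
    │                                   │
    ├─ start the guard script           │
    │                                   │ ← runs on its own, independent of the main process
    │                                   │
    ├─ perform the dangerous operation  │ sleep N seconds
    │                                   │
    ├─ restart gateway                  │
    │   (may have died)                 │
    │                                   │ ← time is up: roll back right away!
    │                                   │ cp backup → config
    │                                   │ systemctl restart
    ↑                                   ↑
I'm alive again after the restart       guard process detected as running
    │                                   │
    └─ kill the guard process           │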

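🔍 Advanced: health checks and AI self-check

Option A: guard script health check

The guard script supports the --health-h parameter, which checks the Gateway process and also verifies that the API is actually usable:

# Check the process + API health
./guard.sh check true
# or
./guard.sh check --health

Example output:

✅ Gateway is running normally
✅ Gateway API is healthy

Note: the nc (netcat) command must be installed.

Option B: the AI checks proactively after a restart (recommended)

Add a rule to AGENTS.md so that the AI proactively checks for the guard process after a restart:

## ⚠️ Guard process detection rules

After every Gateway restart:
1. Check whether ~/.openclaw/backups/guard.pid exists
2. If it exists, try sending a test message to verify that the AI is working normally
3. If it is working normally, stop the guard process
4. If not, roll back or raise an alert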

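# Example detection command
if [ -f ~/.openclaw/backups/guard.pid ]; then
    # The guard is running: do a health check.
    # if/else instead of "&& {...} || {...}", so a failing pkill cannot trigger a rollback.
    if curl -sf --max-time 5 http://127.0.0.1:18789/health | grep -q "ok"; then
        pkill -f guard.sh  # healthy: clean up the guard process
    else
        # API not responding: roll back
        ./scripts/guard.sh rollback
    fi
fi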

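Which to choose

| Option | Pros | Cons |
|---|---|---|
| A. Script health check | Simple; the script does it automatically | Requires the nc dependency |
| B. AI self-check | More reliable; can handle complex situations | Requires modifying AGENTS.md |
| Both | Most reliable | Slightly more complex configuration |

Core design

| Design point | Approach |
|---|---|
| Independence | The guard script runs independently and can roll back even if the AI has died |
| Simplicity | No complex liveness detection; it acts when the time is up |
| Cleanable | After restarting, the AI automatically detects and kills the guard process |
| Reliability | Uses trap to handle signal interruption and ensure logs are written |

Script commands

| Command | Description |
|---|---|
| ./guard.sh start [seconds] | Start the guard (default 3 minutes) |
| ./guard.sh stop | Stop the guard manually |
| ./guard.sh status | Show the guard status |
| ./guard.sh test | Test the rollback function |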

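Security features

✅ Implemented

  • Signal handling: trap catches SIGTERM/SIGINT to ensure logs are written
  • Timestamped backups: every backup carries a timestamp and can be traced
  • Atomic operations: configuration files are copied using atomic operations
  • Logging: all operations are recorded in incident_log.txt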
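The timer, signal handling, timestamped backup and atomic copy listed above fit together as in the following added example. It is not the skill's guard.sh: the function names are hypothetical, the Gateway restart is left out, and the demo runs on a constructed file in a temporary directory.

```shell
# Added example, not the skill's guard.sh; function names are hypothetical.
log() { printf '%s %s\n' "$(date +%FT%T)" "$2" >> "$1/incident_log.txt"; }

# Timestamped copy of FILE ($1) into DIR ($2, mode 700); prints the backup path.
backup_file() (
    mkdir -p "$2" && chmod 700 "$2" || exit 1
    dst="$2/$(basename "$1").$(date +%Y%m%dT%H%M%S).bak"
    cp -p "$1" "$dst" && printf '%s\n' "$dst"
)

# Atomic restore of BACKUP ($1) over TARGET ($2): stage a copy beside the
# target, then rename over it, so no reader sees a half-written config.
restore_file() (
    tmp=$(mktemp "$2.XXXXXX") || exit 1
    cp -p "$1" "$tmp" && mv -f "$tmp" "$2" || { rm -f "$tmp"; exit 1; }
)

# Back up TARGET ($1) into DIR ($2), then start a separate timer process that
# rolls back after SECS ($3) unless guard_stop cancels it first.
guard_start() {
    g_bak=$(backup_file "$1" "$2") || return 1
    (
        cancelled=0
        trap 'cancelled=1' TERM INT       # remember the signal so it is logged
        sleep "$3" & timer=$!
        wait "$timer" || true             # returns early when a signal arrives
        if [ "$cancelled" -eq 1 ]; then
            kill "$timer" 2>/dev/null || true
            log "$2" "guard cancelled, no rollback"
        else
            restore_file "$g_bak" "$1" && log "$2" "timeout, rolled back $1"
        fi
        rm -f "$2/guard.pid"
    ) >/dev/null 2>&1 &
    echo $! > "$2/guard.pid"
}

# Cancel the timer once the risky change has been verified.
guard_stop() {
    [ -f "$1/guard.pid" ] || return 0
    kill "$(cat "$1/guard.pid")" 2>/dev/null || true
    rm -f "$1/guard.pid"
}

# Demo on a constructed file: the edit is reverted after 1 second.
demo=$(mktemp -d); echo 'ok' > "$demo/conf"
guard_start "$demo/conf" "$demo/bk" 1
echo 'broken' > "$demo/conf"
wait; cat "$demo/conf"; rm -rf "$demo"
```

Staging the copy in the target's own directory keeps the final mv on one filesystem, which is what makes the rename atomic.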

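⚠️ Notes

  • The guard script needs systemctl permission to restart the Gateway
  • Using it together with remote-access tools such as 蒲公英 (Pugongying) or 向日葵 (Sunlogin) is recommended
  • Clean up expired backups regularly (kept for 30 days by default)

File structure

openclaw-guard/
├── _meta.json           # Metadata
├── SKILL.md             # This document
├── config/
│   └── settings.yaml    # Configuration file
├── scripts/
│   └── guard.sh         # Main guard script
└── assets/
    └── example.md       # Usage examples

Dependencies

  • Bash 4.0+
  • systemctl (systemd)
  • Read/write permission on the ~/.openclaw directory

Extended usage

Periodic checks with Cron

# Check the Gateway status every 5 minutes
*/5 * * * * /path/to/scripts/guard.sh check

Feishu alerts

Configure the alert webhook in settings.yaml:

alert:
  enabled: true
  webhook: "https://open.feishu.cn/open-apis/bot/v2/hook/xxx"

License

MIT License


Author

Aha (阿哈) - a character of the Elation path in Honkai: Star Rail 🎭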
