Config Guardian
Safe OpenClaw config updates with automatic backup, validation, and rollback. For agent use - prevents invalid config updates.
MIT-0 · Free to use, modify, and redistribute. No attribution required.
⭐ 4 · 3k · 24 current installs · 24 all-time installs
MIT-0
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description, SKILL.md, and included scripts consistently implement atomic config changes, backups, validation (openclaw doctor), and rollback. The .clawhub/origin.json declaring required binaries (openclaw, python3) matches the scripts' runtime calls.
Instruction Scope
Runtime instructions tell the agent only to run the included scripts which read/write ~/.openclaw/openclaw.json and run openclaw doctor. This stays within the stated purpose. Note: simple text searches (grep) in validate_config.sh may yield false positives for blocked keys and the inline python validation assumes a particular JSON shape—these are implementation caveats rather than malicious behavior.
Install Mechanism
No install spec or remote downloads are present; the skill is instruction+script-only and does not pull external code during install.
Credentials
The skill requests no environment variables or credentials. It only requires the openclaw and python3 binaries which are necessary for its stated functionality.
Persistence & Privilege
always is false and the skill does not modify other skills or system-wide agent settings. It only reads/writes the user's OpenClaw config and keeps backups under ~/.openclaw/config-guardian-backups.
Assessment
This skill appears to do what it says: create backups, apply a config change via the local openclaw CLI, run openclaw doctor, and restore on failure. Before installing/use: (1) verify you trust the local openclaw binary (the scripts call it and rely on its behavior); (2) inspect the scripts yourself (they operate on ~/.openclaw/openclaw.json and create backups there); (3) test in a safe environment or with a copy of your config to confirm validation behavior and that blocked-key detection meets your expectations (grep may match substrings); (4) confirm openclaw doctor is available and behaves as expected (it’s the validation gate); (5) if you need stricter checks, consider hardening validate_config.sh (e.g., stricter JSON key checks). Overall the skill is internally coherent and does not request excessive privileges or external installs.Like a lobster shell, security has layers — review code before you run it.
Current versionv1.0.1
Download zipagent-toolbackupconfiglatestsafetyvalidation
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
SKILL.md
Config Guardian
Overview
For Agent use only. Safe config updates with automatic backup, validation, and rollback. Prevents the agent from updating non-existent keys or invalid values.
When to Use
Use this skill every time you need to update openclaw.json. Prevents:
- Updating non-existent config keys
- Using invalid values
- Breaking the gateway with bad config
Workflow: Atomic Apply (Default)
For all config changes - handles everything in one command:
./scripts/atomic_apply.sh <config_path> <new_value>
# Example: ./scripts/atomic_apply.sh "agents.defaults.model.primary" "minimax-portal/MiniMax-M2.5"
What it does:
- Creates timestamped backup automatically
- Applies change via
openclaw config set <path> <value> - Validates with
openclaw doctor --non-interactive - Auto-rollback if validation fails
- Trap ensures rollback even on crash
Backup location:
~/.openclaw/config-guardian-backups/
Guardrails
- Never restart or apply config without explicit user approval
- Always use
atomic_apply.sh - If validation fails -> config auto-rolled back, don't force it
Scripts
| Script | Purpose |
|---|---|
atomic_apply.sh | Default - all-in-one safe apply |
validate_config.sh | Validate via OpenClaw doctor |
restore_config.sh | Manual restore from backup |
Files
5 totalSelect a file
Select a file to preview.
Comments
Loading comments…