OpenClaw Config Ops

This skill appears to implement a reasonable, conservative process for editing OpenClaw gateway config, but there are a few red flags to consider before installing or running it: - Mismatch in declared vs actual requirements: the registry metadata claims no required config paths, yet the instructions read/write ~/.openclaw/openclaw.json and create backups/logs under ~/.openclaw. Confirm you are comfortable giving an agent filesystem and CLI access to that path. - Unknown provenance: no homepage and an opaque owner ID. Prefer skills from known authors or with source links; ask the publisher for a repo or documentation before granting access. - Sensitive data risk: gateway config files often include tokens, keys, or provider settings. Treat backups and logs produced by the skill as sensitive and verify their storage/retention policy. - Exec usage: the skill may call the local openclaw CLI and fall back to executing Python for JSON edits; ensure the openclaw binary on your system is trusted and that executing commands is acceptable in your environment. Recommended actions: - Request the skill author to update registry metadata to declare required config paths (e.g., ~/.openclaw/openclaw.json) and any CLI dependencies. - Inspect a copy of openclaw.json yourself and remove or redact secrets before allowing automated changes, or run the skill in a sandboxed environment with limited file access. - Require user-invocation (do not grant broad autonomous invocation) until you verify the skill's source and behavior. If the author provides a public repository or the registry metadata is corrected to declare the config paths and CLI dependency, my confidence that the skill is coherent would increase and the rating could move to benign.