OpenClaw Rescue Gateway Skill.md

v1.0.1

为 OpenClaw 配置稳定可维护的 Rescue Gateway。适用于主 Gateway 已存在、需要第二个 Discord Rescue Bot、需要独立端口和独立 launchd label、需要避免主 gateway stop 误伤 rescue gateway、需要默认 full exec 权限且不...

⭐ 0· 323·1 current·1 all-time

byChaojie Chen@cchaojiejes

Security Scan

VirusTotal

Suspicious

View report →

OpenClaw

Benign

high confidence

✓

Purpose & Capability

Name/description (Rescue Gateway) match the instructions: create a separate profile, launchd label, port, and agentDir for a rescue Discord bot. All recommended config edits, ports, and launchctl steps are directly relevant to that goal.

Instruction Scope

The SKILL.md tells the operator to copy the main agent's auth-profiles.json into the rescue agentDir and to place bot tokens and gateway tokens into the rescue config. It also instructs setting tools.exec.security = "full", tools.exec.ask = "off", and plugins.entries.acpx.config.permissionMode = "approve-all". These steps go beyond innocuous config changes: they duplicate sensitive credentials and suppress execution/audit prompts, which materially increases risk even if necessary for an unattended rescue agent.

✓

Install Mechanism

Instruction-only skill with no install spec and no code files — nothing is downloaded or written by the skill itself. Risk from install mechanism is minimal.

Credentials

The registry metadata lists no required env vars, but the instructions require setting environment variables and placing secrets (Discord bot token, rescue gateway token) into config files and copying auth-profiles.json (which may contain provider API keys). Requesting or directing duplication of those secrets is proportionate to running the rescue agent but increases credential exposure and blast radius; the skill does not declare or limit those secrets in metadata.

Persistence & Privilege

The skill itself does not request permanent platform privileges (always:false). However it explicitly recommends configuration values that grant the rescue gateway broad runtime privileges (full exec, ask: off, approve-all). That is a deliberate privilege expansion for the rescue service and should be considered a high-risk, user-controlled change.

Scan Findings in Context

[regex-scan-none] expected: No code files or regex findings; this is expected because the skill is instruction-only (SKILL.md) and has no install spec for analysis. The primary security surface is the prose instructions.

Assessment

This skill does what it says: it shows how to run a separate OpenClaw Rescue Gateway and deliberately tells you to copy the main agent's auth profiles and to disable execution prompts and approval checks so the rescue agent runs unrestricted. That is coherent but risky: copying auth-profiles.json duplicates API keys (Anthropic, other providers) and giving the rescue gateway "full" exec and "approve-all" removes protections that would normally stop accidental or malicious code execution. Before installing/using: (1) inspect the auth-profiles.json being copied and verify you understand which provider keys will be duplicated; (2) if possible create a scoped/rescue-only Discord bot token and minimal provider credentials rather than copying production keys; (3) avoid or postpone setting tools.exec.security = "full" and plugins approve-all unless you explicitly need unattended full-exec behavior — prefer ask = "on" or more restrictive permissionMode; (4) test in an isolated account/container or with rotated tokens so compromise has limited impact; (5) keep backups and rotate credentials after testing. If you are not comfortable managing launchd/plist or handling secret files, do not apply these instructions blindly.

Like a lobster shell, security has layers — review code before you run it.

latestvk971kkhgdjprryk79a3hgvrcd982dj9k

323downloads

0stars

2versions

Updated 8h ago

v1.0.1

MIT-0

Rescue Gateway 2.0

当主 Gateway 故障时，Rescue Gateway 提供独立入口。此版本的目标不是“能跑起来”，而是“能长期维护，不和主 Gateway 互相干扰”。

适用场景

已安装 OpenClaw 主 Gateway
需要第二个 Discord Bot，名称如 OpenClaw Rescue Bot
需要 Rescue Gateway 独立运行在 19001
需要默认 exec 全权限且不审核
需要避免 openclaw gateway stop 把 rescue 一起停掉

结论先行

Rescue Gateway 的推荐落地方式是：

配置目录使用官方 profile：~/.openclaw-rescue/openclaw.json
CLI 使用官方 profile：openclaw --profile rescue ...
服务不用官方默认 label ai.openclaw.rescue
服务改用独立 launchd label：ai.openclaw.gateway.rescue

原因：

profile 配置目录是对的，后续维护简单
但在实际使用中，官方 profile service 的 gateway stop 可能和主 gateway 生命周期串扰
独立 label 可以把 rescue 的启动/停止边界切干净

目录和端口

项目	主 Gateway	Rescue Gateway
Config	`~/.openclaw/openclaw.json`	`~/.openclaw-rescue/openclaw.json`
State	`~/.openclaw`	`~/.openclaw-rescue`
Workspace	`~/.openclaw/workspace`	`~/.openclaw-rescue/workspace`
Port	`18789`	`19001`
launchd label	`ai.openclaw.gateway`	`ai.openclaw.gateway.rescue`

端口必须至少错开 20。OpenClaw 会派生浏览器和调试端口，不能重叠。

Rescue Config

优先做法：以主配置为模板，写入 ~/.openclaw-rescue/openclaw.json。

关键要求：

channels.discord.token 使用 Rescue Bot token
gateway.port 使用 19001
agents.defaults.workspace 使用 ~/.openclaw-rescue/workspace
agents.list[0].agentDir 使用 ~/.openclaw-rescue/agents/rescue/agent
tools.exec.security = "full"
tools.exec.ask = "off"
agents.defaults.elevatedDefault = "full"
plugins.entries.acpx.enabled = true
plugins.entries.acpx.config.permissionMode = "approve-all"

最小关键片段：

{
  "agents": {
    "defaults": {
      "elevatedDefault": "full",
      "workspace": "/Users/YOUR_NAME/.openclaw-rescue/workspace"
    },
    "list": [
      {
        "id": "rescue",
        "workspace": "/Users/YOUR_NAME/.openclaw-rescue/workspace",
        "agentDir": "/Users/YOUR_NAME/.openclaw-rescue/agents/rescue/agent",
        "subagents": { "allowAgents": ["*"] }
      }
    ]
  },
  "bindings": [
    {
      "agentId": "rescue",
      "match": { "channel": "discord" }
    }
  ],
  "tools": {
    "profile": "full",
    "exec": {
      "security": "full",
      "ask": "off"
    }
  },
  "channels": {
    "discord": {
      "enabled": true,
      "token": "YOUR_RESCUE_BOT_TOKEN"
    }
  },
  "gateway": {
    "port": 19001,
    "mode": "local",
    "bind": "loopback",
    "auth": {
      "mode": "token",
      "token": "YOUR_RESCUE_GATEWAY_TOKEN"
    }
  },
  "plugins": {
    "entries": {
      "acpx": {
        "enabled": true,
        "config": {
          "permissionMode": "approve-all"
        }
      }
    }
  }
}

Rescue Agent Auth

Rescue agent 使用独立 agentDir，不会自动继承主 agent 的认证。

如果 rescue bot 能登录 Discord，但回复时报：

No API key found for provider "anthropic"
No API key found for provider "kimi-coding"

就把主 agent 的认证复制过去：

cp ~/.openclaw/agents/main/agent/auth-profiles.json \
  ~/.openclaw-rescue/agents/rescue/agent/auth-profiles.json

chmod 600 ~/.openclaw-rescue/agents/rescue/agent/auth-profiles.json

Rescue LaunchAgent

不要用官方默认 profile service label。

使用自定义 plist：

路径：~/Library/LaunchAgents/ai.openclaw.gateway.rescue.plist
label：ai.openclaw.gateway.rescue
启动参数包含：--profile rescue gateway --port 19001
环境变量必须包含：
- OPENCLAW_PROFILE=rescue
- OPENCLAW_STATE_DIR=~/.openclaw-rescue
- OPENCLAW_CONFIG_PATH=~/.openclaw-rescue/openclaw.json
- OPENCLAW_LAUNCHD_LABEL=ai.openclaw.gateway.rescue

关键原因：

配置仍然走官方 profile
但 service label 与主 gateway 彻底隔离
可避免主 openclaw gateway stop 误伤 rescue

启动与验证

加载 rescue：

launchctl bootstrap gui/$(id -u) ~/Library/LaunchAgents/ai.openclaw.gateway.rescue.plist
launchctl enable gui/$(id -u)/ai.openclaw.gateway.rescue
launchctl kickstart -k gui/$(id -u)/ai.openclaw.gateway.rescue

验证：

OPENCLAW_LAUNCHD_LABEL=ai.openclaw.gateway.rescue \
openclaw --profile rescue gateway status

tail -f ~/.openclaw-rescue/logs/gateway.log

成功标志：

[discord] logged in to discord as XXXXX (OpenClaw Rescue Bot)

日常命令

主 gateway：

openclaw gateway stop
openclaw gateway start
openclaw gateway restart
openclaw gateway status

rescue gateway：

OPENCLAW_LAUNCHD_LABEL=ai.openclaw.gateway.rescue \
openclaw --profile rescue gateway stop

OPENCLAW_LAUNCHD_LABEL=ai.openclaw.gateway.rescue \
openclaw --profile rescue gateway start

OPENCLAW_LAUNCHD_LABEL=ai.openclaw.gateway.rescue \
openclaw --profile rescue gateway restart

OPENCLAW_LAUNCHD_LABEL=ai.openclaw.gateway.rescue \
openclaw --profile rescue gateway status

如果只是 emergency 操作，直接用 launchctl 也可以：

launchctl bootout gui/$(id -u) ~/Library/LaunchAgents/ai.openclaw.gateway.rescue.plist
launchctl bootstrap gui/$(id -u) ~/Library/LaunchAgents/ai.openclaw.gateway.rescue.plist

诊断顺序

先看配置是否有效

openclaw --profile rescue config validate

再看 service

OPENCLAW_LAUNCHD_LABEL=ai.openclaw.gateway.rescue \
openclaw --profile rescue gateway status

再看日志

tail -f ~/.openclaw-rescue/logs/gateway.log
tail -f ~/.openclaw-rescue/logs/gateway.err.log

Changelog

2.0.0

配置目录从 ~/.openclaw/openclaw-rescue.json 收口到官方 profile 路径 ~/.openclaw-rescue/openclaw.json
rescue workspace 从 ~/.openclaw/workspace-rescue 收口到 ~/.openclaw-rescue/workspace
明确要求复制主 agent auth-profiles.json 到 rescue agentDir
增加默认无审核执行配置：
- tools.exec.security = "full"
- tools.exec.ask = "off"
- agents.defaults.elevatedDefault = "full"
- plugins.entries.acpx.config.permissionMode = "approve-all"
明确说明不要直接使用官方默认 rescue service label，改用独立 label ai.openclaw.gateway.rescue
新增主/rescue 分离的日常命令

1.0.0 的缺陷

使用 ~/.openclaw/openclaw-rescue.json，没有和官方 profile 目录对齐，后续 CLI 管理不统一
使用 ~/.openclaw/workspace-rescue，workspace 和 profile state 分裂
没有说明 rescue agent 需要单独复制 auth-profiles.json，导致模型认证缺失
没有配置默认 exec 全权限和免审核，导致实际运行仍会弹审批
plugins.entries.acpx 配置缺失或不完整，导致执行行为与预期不一致
直接建议自定义 service，但没有解释与官方 --profile rescue 的关系
没有指出官方默认 profile service 在实机上可能和主 gateway stop 串扰
停止命令仍使用 launchctl unload，不适合当前 OpenClaw 的 service 生命周期

已知现实约束

openclaw gateway stop 只适合主 gateway
rescue 若要完全避免被误停，必须配合自定义 label ai.openclaw.gateway.rescue
openclaw --profile rescue ... 仍然用于 rescue 的配置、状态和 CLI 操作

Comments

Loading comments...