Oc Guard Skill
v1.1.2
Safe OpenClaw config planning/apply workflow with bilingual execution receipts.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description (oc-guard: safe config plan/apply) match the included files and required binaries. The script implements plan/apply, path allowlists, validation, backup/rollback, and bilingual receipts. Required binaries (python3, openclaw, opencode) are appropriate for the stated purpose.
Instruction Scope
SKILL.md directs agents to run the bundled CLI and enforce plan/apply/gating rules; it does not ask the agent to read unrelated system files or external endpoints. The repository docs and AGENTS.md warn not to publish secrets and call out diagnostic files in /tmp; these behaviors align with the script.
Install Mechanism
There is no install spec (instruction-only with a bundled script). That is low-risk and coherent: the repo expects the script to be made executable and linked into ~/.local/bin optionally. No external download URLs or archive extracts are present.
Credentials
The skill declares no required env vars but supports a set of optional environment overrides (OPENCLAW_HOME, OCGUARD_*, etc.). The script will create a local receipt secret file (~/.openclaw/.ocguard_receipt_secret) if OCGUARD_RECEIPT_SECRET is not provided. This is proportionate to producing signed receipts but users should be aware of the local secret file and the optional env overrides.
Persistence & Privilege
The skill does not request always:true and is user-invocable only — normal defaults. It writes a local receipt secret and log files under ~/.openclaw and /tmp and may create backups under ~/.openclaw/config-backups. These are scoped to the user's environment and are expected for a config guard; users should confirm they are comfortable with these local files being created.
Assessment
This skill appears to do what it claims: a local Python CLI that gates OpenClaw config changes via plan/apply, performs backups, and emits signed bilingual receipts. Before installing or allowing autonomous invocation, check: 1) verify the openclaw and opencode binaries on your system are the official tools the script will call (the script runs them via subprocess), 2) review scripts/oc-guard.py (it will create a receipt secret file at ~/.openclaw/.ocguard_receipt_secret and logs in /tmp) and confirm you are comfortable with those local files, 3) run the provided smoke checks (python3 -m py_compile scripts/oc-guard.py and scripts/oc-guard.py plan --proposal templates/proposal.template.json) and inspect outputs, and 4) ensure /tmp diagnostic files (e.g., /tmp/oc-guard-last-opencode-output.txt) are handled with care, as they may contain local diagnostic output. The skill does not request external credentials and does not contain hardcoded remote endpoints, but it does invoke external CLIs, so only proceed if those CLIs are trusted. If you want extra assurance, run the script in a sandbox or inspect the remainder of the script not included in the truncated listing.
Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
Bins: python3, openclaw, opencode
latest
oc-guard Skill
Purpose
All config-changing requests must go through oc-guard.
Do not directly edit ~/.openclaw/openclaw.json.
When possible, invoke the bundled CLI at {baseDir}/scripts/oc-guard.py.
Hard Rules
- Use oc-guard plan before apply.
- High-risk changes require oc-guard apply --confirm.
- Always return execution receipt first.
- If command is not executed, return 【模型说明-未执行】.
- Never claim success without a real oc-guard receipt.
Common Commands
- {baseDir}/scripts/oc-guard.py --help
- {baseDir}/scripts/oc-guard.py plan "<requirement>"
- {baseDir}/scripts/oc-guard.py apply --confirm "<requirement>"
- {baseDir}/scripts/oc-guard.py plan --proposal <file>
- {baseDir}/scripts/oc-guard.py apply --confirm --proposal <file>
