ClawHub

Jasper ConfigGuard

v1.0.0

Safely apply OpenClaw config changes with backup, automatic rollback on failure, health checks, and commands for patching, restoring, listing, diffing, valid...

1· 1.4k·2 current·2 all-time
by@emberdesire
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/README/SKILL.md all describe safe edits to an OpenClaw config and rollback behavior. The code operates on ~/.openclaw/openclaw.json (or cwd/openclaw.json), posts health-checks to localhost:18789, creates backups, writes files, and issues pgrep/kill commands to the gateway process — all coherent with a config-guard tool.
Instruction Scope
SKILL.md instructs installation via npm and shows CLI/programmatic usage that reads/writes ~/.openclaw/openclaw.json, manages backups in ~/.openclaw/config-backups/, and restarts the gateway. Those operations are expected for the tool, but the registry metadata did not declare any required config paths or filesystem access; the instructions explicitly require write access to ~/.openclaw which should be noted.
Install Mechanism
The skill bundle includes full source files but provides no install spec in the registry. SKILL.md instructs users to install via `npm install -g jasper-configguard` (which downloads code from the npm registry). No download-from-untrusted-URL or extraction steps are present in the manifest — risk is standard for installing an npm package; verify package provenance before global install.
Credentials
No environment variables or secrets are requested. The code uses HOME to locate config paths and expects write access to those paths. It does not request or transmit credentials or contact external endpoints beyond the local gateway (http://localhost:18789).
Persistence & Privilege
The skill will modify local configuration files and attempt to restart the gateway using OS signals (pgrep/kill). That is an expected privilege for a config management tool but is a privileged action on the host — consider whether the agent runtime should be allowed to perform these operations automatically.
Assessment
This package appears to do what it says: it reads/writes your OpenClaw config (~/.openclaw/openclaw.json), stores backups in ~/.openclaw/config-backups/, and may restart the gateway process (pgrep/kill). Before installing or letting an agent invoke it autonomously, consider: (1) Verify the package source (npm name, repository, owner) and that you trust the publisher. (2) Back up your current config manually. (3) Run it in a non-production environment first (use --dry-run and --no-restart). (4) Ensure the agent/runtime has only the minimum permissions you are comfortable with — this tool needs filesystem write access and the ability to signal processes. (5) Note the minor metadata mismatch: the registry metadata lists no required config paths, but the tool expects ~/.openclaw; ensure path expectations match your deployment. If you want stricter control, require manual confirmation for patches or avoid enabling autonomous invocation for this skill.

Like a lobster shell, security has layers — review code before you run it.

latestvk9784e7gy6hn3g59hwkaea5fss80metv

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments