Config Modification
ReviewAudited by ClawScan on May 10, 2026.
Overview
This is a mostly coherent local config-safety skill, but it uses persistent automation, unreviewed external rollback code, and may expose credential-like config values in diffs.
Review this skill before installing, especially if your OpenClaw config contains API keys or production settings. Do not enable the background guard unless you are comfortable with automatic rollback and Gateway restart behavior, and verify the external config-rollback-guard.py helper before trusting it.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A failed check can run unreviewed local rollback code that may change critical OpenClaw configuration.
Core rollback behavior is delegated to a helper outside the supplied skill files, so the most sensitive mutation path cannot be reviewed from the provided artifacts.
self.rollback_script = WORKSPACE_DIR / ".lib" / "config-rollback-guard.py" ... subprocess.run(["python3", str(self.rollback_script), "rollback"], ...)
Package the rollback helper with the skill or pin and verify its path/hash, and document exactly what it changes before users enable automatic rollback.
Once enabled, the guard may continue acting on config changes after the original task, including rollback behavior.
The skill explicitly supports a long-running background guard that watches config changes and acts automatically.
# 常驻守护进程,自动监控 openclaw.json 变更 launchctl start com.openclaw.config-fswatch-guard
Enable the daemon only deliberately, and provide or verify clear stop, disable, logging, and rollback-recovery instructions.
The agent may read or process credential-bearing configuration while users may not expect credential exposure.
The skill recognizes config files containing API keys and credentials as in-scope critical files, despite metadata declaring no credentials and SKILL.md saying it does not access credentials directly.
"agents/*/config.json": {
"critical": ["apiKeys", "credentials"],Declare credential-bearing config access explicitly and limit processing to necessary fields, with redaction for secrets.
Secrets in config changes could be exposed in diff output or retained in the agent context.
The diff result stores raw old and new config values; if changed fields are tokens or API keys, those values can enter agent-visible results or downstream logs.
"old": str(old[key])[:100], "new": str(new[key])[:100]
Redact or hash secret-like fields such as token, key, apiKey, credential, password, and auth before returning or logging diff details.
A config syntax error can lead to automatic local service restart, which may interrupt active work.
The guard can restart the local OpenClaw Gateway through a subprocess; this is purpose-aligned but high-impact operational behavior.
subprocess.run(
[openclaw_bin, "gateway", "restart"],
capture_output=True, text=True, timeout=30
)Use this only where automatic restarts are acceptable, or add user approval/maintenance-window controls before restarting services.