Assistant Configurator

Pass

Audited by ClawScan on May 10, 2026.

Overview

This instruction-only skill is coherently focused on OpenClaw configuration management, but it documents commands that can change assistant behavior and store integration credentials, so users should review changes before applying them.

Install only if you want an assistant skill that can help modify OpenClaw settings. Before applying any suggested config patch or restart, ask to see the exact change, back up the current configuration, and keep API keys or bot tokens limited and private.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A mistaken or unwanted configuration patch could change model routing, channel behavior, or require a service restart.

Why it was flagged

The skill documents raw gateway configuration patches and service restart actions, which can materially change OpenClaw behavior. This is aligned with the skill's configuration purpose, but users should approve and verify such changes.

Skill content

gateway({
  action: "config.patch",
  raw: JSON.stringify({ ... })
})
...
gateway({action: "restart"})

Recommendation

Review proposed config.patch contents before applying them, back up current configuration, and make one change at a time as the skill itself recommends.

What this means

If real tokens are entered into the wrong configuration or shared in chat/logs, external service accounts could be exposed or misused.

Why it was flagged

The skill shows configuration examples involving provider/API credentials. These credentials are expected for message channels and web search, but they grant access to external services.

Skill content

telegram: {
  botToken: "YOUR_BOT_TOKEN",
  enabled: true
}
...
openclaw configure --section web --key BRAVE_API_KEY --value "your-api-key"

Recommendation

Use least-privilege tokens where possible, avoid pasting secrets into unnecessary contexts, and rotate credentials if they are accidentally exposed.