ClawHub

Config-Sentinel

v1.0.0

A strict guardrail for OpenClaw config changes. Snapshot before editing, validate after editing, and rollback immediately when config health fails. Built to...

1· 73·0 current·0 all-time
by@mike-alford
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill's name, SKILL.md, and included script align: it snapshots (~/.openclaw/.sentinel), validates (~/.openclaw/openclaw.json by default), and can rollback. Minor mismatch: the script relies on python3 (and optionally git) but the registry metadata did not list these as required binaries.
Instruction Scope
SKILL.md and scripts/sentinel.sh stay within scope: they read the configured OpenClaw config file, optionally check files referenced by agent workspaces, create backups, commit/restore from git if available, and validate JSON/structure. No external network endpoints or data exfiltration are present in the script.
Install Mechanism
Instruction-only skill with a bundled Bash script; no install/downloads or package installs. Nothing is fetched from external URLs or written outside the sentinel/config directories except for restoring the target config file (intended behavior).
Credentials
No credentials or secrets are required. Optional env vars control paths and validation toggles (including a flag to check Telegram tokens). The script reads config content (which may contain tokens) but does not transmit them externally; ensure you understand that sensitive tokens may be read and potentially appear in local logs/backups.
Persistence & Privilege
The skill does not request always:true and is user-invocable. It writes backups and logs to ~/.openclaw/.sentinel and may overwrite the config on rollback — this is expected for a rollback tool, not an unexplained privilege escalation.
Assessment
This skill appears to do exactly what it claims: take backups, validate OpenClaw config, and restore it if needed. Before installing or running it: 1) inspect scripts/sentinel.sh yourself (you have it) and confirm you trust it; 2) ensure python3 is available (the script uses python3 inline) and git is available if you want git snapshots; 3) be aware it will write backups/logs to ~/.openclaw/.sentinel and may overwrite ~/.openclaw/openclaw.json on rollback — ensure directory permissions and storage are acceptable; 4) remember to run scripts/sentinel.sh pre-change before editing and obtain human approval as recommended; 5) if your config contains secrets (API tokens) consider where backups/logs are stored and whether they need extra protection. Overall: coherent and appropriate for its purpose, with the small metadata/requirements mismatch noted above.

Like a lobster shell, security has layers — review code before you run it.

latestvk97d266ntj7h3kpss7art8ts6983j8zb

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🛡️ Clawdis

Comments