ClawHub

Claw Seatbelt

v0.1.2

Provides a 10-second automatic rollback and restart of OpenClaw Gateway if configuration changes cause it to fail, activating only during backup scripts.

0· 417·0 current·0 all-time
by@segasonicye·duplicate of @segasonicye/config-guard
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill's stated purpose (automatic rollback when a config change breaks the Gateway during backups) is broadly consistent with the included watchdog.sh which restores a timestamped backup and restarts the Gateway. However the skill.json and SKILL.md declare no required binaries or credentials while the script assumes the presence of an 'openclaw' CLI on PATH and a backup directory at ~/.openclaw/backups. The manifest should declare the openclaw binary dependency and the expected backup path; omission is an incoherence and could lead to runtime failures or unexpected behavior.
!
Instruction Scope
SKILL.md promises 'activating only during backup scripts' and a '10-second automatic rollback', but the script contains no enforcement of 'only during backup scripts' and does not implement a 10-second probe window (it probes immediately and then sleeps 5 seconds after restart). The script will copy the live config, overwrite it with the latest backup, and restart the Gateway — actions that are in-scope for a rollback helper but are not gated or time-limited as the prose implies. There is also an optional-not-implemented comment about notifications; no network endpoints or exfiltration appear in the code.
Install Mechanism
No install spec (instruction-only) — the only shipped code is a local shell script. This is low install risk because nothing is downloaded or extracted. However, running the script will execute commands on the host (openclaw gateway restart), so the user must review the script before running.
Credentials
No environment variables or secrets are requested (appropriate). But the script implicitly relies on $HOME, ~/.openclaw/backups, and the 'openclaw' CLI. The manifest not declaring the required binary is a proportionality/declared-requirement gap. The script writes logs to /tmp and copies config files inside the user's home — these are expected for the stated purpose but you should ensure permissions and backups are acceptable.
Persistence & Privilege
The skill does not request persistent always-on inclusion and does not modify other skills or global agent config. It runs only when invoked (user-invocable) or when the agent chooses to run it; that autonomous invocation is normal. The script itself writes to the user's filesystem (backups, /tmp) which is expected for this tool but not a cross-skill privilege escalation.
What to consider before installing
Before installing or running this skill: (1) Review bin/watchdog.sh line-by-line — it will run openclaw CLI commands, copy your active config, overwrite openclaw.json with the latest file in ~/.openclaw/backups, and restart the Gateway. (2) Confirm you have the 'openclaw' CLI on PATH and that backups exist at ~/.openclaw/backups; the package does not declare this dependency. (3) Expect possible service disruption when the script restarts the Gateway; test in a safe environment first. (4) If you need the advertised behavior ('only during backups' and '10-second rollback'), modify the script to enforce those constraints (e.g., accept a flag, check for a lockfile created by your backup script, implement a 10s poll-and-wait loop rather than immediate rollback). (5) Make a separate copy of your backups before first use; the script will create failed-config-*.json but still overwrites openclaw.json. (6) Consider adding logging/notification and stricter error handling, and update skill.json to declare the openclaw binary requirement and correct version metadata. These inconsistencies look like sloppy packaging rather than deliberate malice, but verify behavior in a controlled test before trusting it in production.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cwhszynzhaa7bpzb4n63phn81kcrt

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Claw Seatbelt 🛡️ (OpenClaw 安全带)

这是一款为你修改 openclaw.json 准备的“安全带”。它不像普通插件那样全天候运行,而是只在你需要修改配置并备份时,提供 10 秒的自动回滚保护。

特色功能

  • 按需保护:仅在运行备份脚本时触发,不浪费系统资源。
  • 10秒无敌险:修改配置后若 Gateway 无法在 10 秒内恢复,自动回退到最新备份并重启。
  • 极简设计:无需复杂配置,即装即用。

Usage

The skill primarily runs as a background watchdog.

Manual Check

./bin/watchdog.sh

How it works

  1. Probes the local Gateway status.
  2. If down, captures the current "broken" config for debugging.
  3. Locates the most recent timestamped backup in ~/.openclaw/backups/.
  4. Restores and restarts the Gateway service.

Files

3 total
Select a file
Select a file to preview.

Comments

Loading comments…