Config Guard

v0.1.0

Provides on-demand 10-second automatic rollback protection when modifying openclaw.json to ensure Gateway stability.

⭐ 0· 876·5 current·5 all-time

by@segasonicye

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for segasonicye/config-guard.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "Config Guard" (segasonicye/config-guard) from ClawHub.
Skill page: https://clawhub.ai/segasonicye/config-guard
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install config-guard

ClawHub CLI

Package manager switcher

npx clawhub@latest install config-guard

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Benign

high confidence

✓

Purpose & Capability

The name/description promise (on-demand 10s rollback protection for openclaw.json/Gateway) matches the included runtime instructions and bin/watchdog.sh: it probes gateway status, finds the latest ~/.openclaw/backups/openclaw-*.json, copies it into place, and restarts the gateway via the openclaw CLI.

ℹ

Instruction Scope

SKILL.md only instructs running ./bin/watchdog.sh and the script's behavior stays within that scope. However the script reads/writes $HOME/.openclaw/openclaw.json and ~/.openclaw/backups/, copies files, and writes logs to /tmp/openclaw-watchdog.log — these operations touch potentially sensitive configuration and produce files that may contain secrets. The script also assumes the presence and integrity of the openclaw CLI.

✓

Install Mechanism

No install spec or external downloads; this is an instruction-only skill with a small bundled shell script. Nothing is fetched from remote hosts and no archives are extracted.

ℹ

Credentials

The skill declares no credentials or special env vars, which is consistent. It does use $HOME and standard filesystem paths (~/.openclaw and /tmp). Because it copies configs and creates backups/logs, users should recognize it will handle files that may contain sensitive tokens; that access is proportionate to the stated purpose but still sensitive.

✓

Persistence & Privilege

always is false and the skill is user-invocable only. It does not request permanent agent presence or modify other skills/config; it runs only when the user invokes the script.

Assessment

This skill is small and coherent, but inspect and run it carefully: 1) Ensure you trust the openclaw CLI on your PATH — the script calls it with status and restart commands. 2) Check ownership/permissions of ~/.openclaw and ~/.openclaw/backups: if those dirs are writable or symlinked by an untrusted user, cp/ls operations could be abused (symlink/TOCTOU). 3) Logs are written to /tmp/openclaw-watchdog.log which is world-writeable by default on some systems; consider changing the log path or securing /tmp to avoid information disclosure or symlink attacks. 4) Backups and failed-config copies may contain sensitive credentials — secure backup storage and access. 5) Run the script manually in a safe environment first to confirm behavior; you may want to add stricter checks (atomic file replacement, secure temporary files, explicit permission checks) before using it in production.

Like a lobster shell, security has layers — review code before you run it.

latestvk972f4j7z6a76cbc6zbbvwhj8h81j815

876downloads

0stars

1versions

Updated 2mo ago

v0.1.0

MIT-0

Claw Seatbelt 🛡️ (OpenClaw 安全带)

这是一款为你修改 openclaw.json 准备的“安全带”。它不像普通插件那样全天候运行，而是只在你需要修改配置并备份时，提供 10 秒的自动回滚保护。

特色功能

按需保护：仅在运行备份脚本时触发，不浪费系统资源。
10秒无敌险：修改配置后若 Gateway 无法在 10 秒内恢复，自动回退到最新备份并重启。
极简设计：无需复杂配置，即装即用。

Usage

The skill primarily runs as a background watchdog.

Manual Check

./bin/watchdog.sh

How it works

Probes the local Gateway status.
If down, captures the current "broken" config for debugging.
Locates the most recent timestamped backup in ~/.openclaw/backups/.
Restores and restarts the Gateway service.

Comments

Loading comments...