Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Claude Settings Editor

v1.0.0

Use when the user wants to update Claude settings, hooks, permissions, MCP server toggles, or other JSON config safely and with scope awareness.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name and description match the SKILL.md: it intends to edit Claude settings, hooks, permissions, and JSON config. However, the mention of 'MCP server toggles' and other server-level items implies remote or privileged actions that are not reflected anywhere else in the metadata (no credentials, no config paths). This is plausible but under-specified.
! Instruction Scope
The runtime instructions explicitly tell the agent to choose a settings file by scope (user, project, local), read the current file, and apply edits. Those operations require filesystem and potentially network access. SKILL.md does not enumerate concrete paths, nor does it require explicit confirmation steps or describe how the agent should authenticate to remote services, so the instructions are ambiguous and could lead the agent to read or modify files beyond an expected limited scope.
Install Mechanism
This is an instruction-only skill with no install spec and no code files to run. That minimizes installation risk — nothing is downloaded or written by an installer.
! Credentials
The skill declares no required environment variables or config paths, yet the description and instructions mention server toggles and editing settings that often require credentials or explicit file-path scope. The absence of any declared credentials/config paths is a mismatch and could hide the need to supply sensitive tokens or grant broad file access at invocation time.
Persistence & Privilege
The skill is not always-enabled and uses the platform's default autonomous-invocation setting. It does not request persistent or elevated platform privileges in the metadata.
What to consider before installing
This skill appears to be intended for editing Claude JSON config, but it is under-specified about what files and servers it will touch. Before installing or invoking it:

  1. Ask the skill author which exact file paths and scopes (user, project, local) the agent will be allowed to read/write.
  2. Confirm whether any MCP or server toggles require credentials or network access — if so, require explicit, scope-limited credentials and out-of-band confirmation before changes.
  3. Require the agent to produce a diff and get explicit human approval before writing any file.
  4. Keep backups of any settings.json you allow it to edit.
  5. Because the skill has no homepage and provenance is limited, prefer conservative usage (limit its file permissions, run in a constrained environment) until you can verify the source.

These steps reduce the risk that the agent will read or change unrelated or sensitive configuration.


SKILL.md

Claude Settings Editor

Use this skill for settings.json, local overrides, and hook configuration.

Workflow

  1. Choose the correct settings file by scope: user, project, or local.
  2. Read the current file before editing.
  3. Apply the smallest valid JSON change.
  4. Keep permissions, hooks, plugins, and MCP configuration syntactically valid.
  5. Explain scope, precedence, and any risky config changes.

Guardrails

  • Do not replace a config file wholesale unless necessary.
  • Preserve unrelated user settings.
  • Warn before widening permissions or changing automation hooks broadly.

Source Provenance

Derived from src/skills/bundled/updateConfig.ts.

Files

3 total