Config Safe

v1.0.0

安全地修改 OpenClaw 配置。先读取官方最新文档，理解配置结构和验证规则，预览变更，验证无误后再写入。**绝不直接修改配置**，所有变更都需要用户确认。触发词："修改配置"、"更改配置"、"配置 openclaw"、"设置 openclaw"、"config"。

⭐ 0· 1.3k·6 current·6 all-time

by@glfruit

MIT-0

Download zip

LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Benign

high confidence

✓

Purpose & Capability

Name and description match the instructions: all commands and file references are about reading, validating, previewing, and optionally writing OpenClaw configuration. There are no unrelated environment variables, binaries, or install steps requested.

ℹ

Instruction Scope

Instructions stay within the config-editing domain (use openclaw CLI to get schema, preview, validate, patch/apply, and check status). Two things to note: it reads local documentation from a Homebrew-style path (/opt/homebrew/...), which assumes a specific install layout, and it references editing ~/.openclaw/openclaw.json (which is expected for recovery but is a local file write). The SKILL.md emphasizes explicit user confirmation before writing, which is appropriate and important.

✓

Install Mechanism

Instruction-only skill with no install spec and no code files; nothing is downloaded or written to disk by the skill package itself.

ℹ

Credentials

The skill requests no environment variables or external credentials. It does handle sensitive fields (e.g., botToken) in config payload examples — this is expected for a config tool, but users should ensure tokens are not leaked when previews are shown or logged.

✓

Persistence & Privilege

always is false and the skill has no install-time persistence. It expects to invoke the local openclaw CLI to perform operations; it does not request modifications to other skills or system-wide settings.

Assessment

This skill appears coherent and safe in design, but before installing: (1) confirm the agent platform will enforce an explicit interactive confirmation step before running any write (config.patch/config.apply) — don't rely on trust in text alone; (2) ensure the 'openclaw' CLI is the legitimate local binary you expect and that the documented paths (/opt/homebrew/...) match your installation; (3) back up your current ~/.openclaw/openclaw.json or system config before applying changes; (4) be cautious with secrets (botToken) — verify that previews redact or never transmit tokens externally; (5) if you require stronger guarantees, restrict the skill to user-invocable only or disable autonomous invocation at the agent/platform level.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ev10jdcz18xaqg83nnyqmv980vz58

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

Config Safe

License

Comments