ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

安全配置流程 (Nico)

v1.0.0

安全修改 OpenClaw 配置文件,自动检查、修复并验证修改,确保配置有效且系统稳定运行。

0· 382·0 current·0 all-time
by@nicoxia·duplicate of @nicoxia/safe-config-workflow
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match what the SKILL.md instructs: all runtime actions are about reading/modifying ~/.openclaw/openclaw.json, running openclaw doctor, restarting/verifying the Gateway, and recording lessons. No unrelated binaries, env vars, or external services are requested.
Instruction Scope
Instructions are narrowly scoped to config editing, validation, backups, diffing, and Gateway diagnostics. Two notes: (1) it reads logs (openclaw logs --follow) which may contain sensitive tokens/credentials — outputs should be filtered before being saved/shared; (2) it repeatedly instructs writing lessons to MEMORY.md but does not specify the path or handling rules for that file (risk of persisting sensitive values if not sanitized). The skill also enforces user confirmation before changes, which limits autonomous destructive behavior.
Install Mechanism
Instruction-only skill with no install spec and no bundled code to write to disk. This is low-risk from installation perspective.
Credentials
No environment variables, credentials, or config paths are requested beyond reading ~/.openclaw/openclaw.json and its backups, which is appropriate for a config-editing workflow. Requested CLI commands (openclaw doctor/logs/gateway) are proportional to the stated purpose.
Persistence & Privilege
Skill is not always-enabled and does not request persistent privileges or modify other skills. It asks the agent to write a MEMORY.md record (local persistence) but does not attempt to change global agent configuration or require elevated system privileges.
Assessment
This skill appears coherent and implements a conservative workflow (confirm before change, backup, diff, validate, test). Before installing/use, ensure you: 1) have current backups of ~/.openclaw/openclaw.json (the TEST-GUIDE also recommends this); 2) review any MEMORY.md created by the skill and do not store secrets or tokens there — decide and document where MEMORY.md will live and who can read it; 3) be cautious when exposing doctor or logs output — inspect and redact any secrets before saving or sharing logs; 4) run the workflow in a staging environment or off-hours for critical systems (Test 3 explicitly can take Gateway down); and 5) verify the openclaw CLI and docs referenced are the official ones in your environment. Overall this skill is coherent with its purpose; follow the precautions above to avoid accidental persistence of sensitive values.

Like a lobster shell, security has layers — review code before you run it.

chinesevk970jw7mmgycp6dqfdb2vzhnxd81wpj9configvk970jw7mmgycp6dqfdb2vzhnxd81wpj9latestvk970jw7mmgycp6dqfdb2vzhnxd81wpj9safetyvk970jw7mmgycp6dqfdb2vzhnxd81wpj9workflowvk970jw7mmgycp6dqfdb2vzhnxd81wpj9

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments