ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Openclaw Cfg Safe Edit

v1.0.0

OpenClaw 配置文件修改前的验证规则。用于在修改 openclaw.json 或任何配置文件之前查询文档确认配置项可用性,避免因 OpenClaw 版本更新导致配置不兼容的问题。

0· 186·0 current·0 all-time
by@leon2023happy

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for leon2023happy/openclaw-cfg-safe-edit.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Openclaw Cfg Safe Edit" (leon2023happy/openclaw-cfg-safe-edit) from ClawHub.
Skill page: https://clawhub.ai/leon2023happy/openclaw-cfg-safe-edit
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install openclaw-cfg-safe-edit

ClawHub CLI

Package manager switcher

npx clawhub@latest install openclaw-cfg-safe-edit
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The SKILL.md describes validating OpenClaw configuration edits, which fits the skill name. However, the instructions assume the presence of a locally installed OpenClaw package and CLI (e.g., files under /home/root1/.npm-global/lib/node_modules/openclaw and the 'openclaw' gateway command) while the skill metadata declares no required binaries or environment variables. That mismatch (calling a local CLI but not declaring it) is incoherent.
!
Instruction Scope
Instructions tell the agent to run shell commands that list and grep a specific absolute path (/home/root1/.npm-global/...) and to invoke 'openclaw gateway config.schema.lookup'. These actions require file-system access and a specific user layout. Hard-coded paths tied to a particular user account are unexpected for a generic skill and could lead to incorrect behavior or unintended access to user files. The skill also instructs consulting online docs, which is reasonable, but the local-path reliance is problematic.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, which is low-risk from an installation perspective. Nothing is downloaded or written to disk by the skill itself.
!
Credentials
The skill declares no required env vars or credentials, yet its instructions implicitly require access to a user's filesystem and an installed 'openclaw' CLI. The lack of declared required binaries (openclaw) and the use of an absolute home-directory path are disproportionate and ambiguous. A well-scoped skill should declare required binaries or use portable references (e.g., $HOME or a discovery step).
Persistence & Privilege
The skill is not set to always: true and does not request persistent/system-wide settings. It does not modify other skills or agent configuration according to the provided files.
What to consider before installing
This skill's goal (validate OpenClaw config changes) is reasonable, but the SKILL.md hard-codes a local path (/home/root1/...) and assumes an 'openclaw' CLI without declaring it. Before installing: 1) ask the skill author to remove hard-coded user paths and use $HOME or a discovery step; 2) require the skill metadata to declare the 'openclaw' binary (or document it); 3) confirm the agent will only access intended config files (not arbitrary home dirs); and 4) test in a safe environment. If you do not control /home/root1 or do not have the openclaw CLI installed, do not enable autonomous invocation until these issues are fixed.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cwq9pma1m22bd74gvte9csx837wyb
186downloads
0stars
1versions
Updated 22h ago
v1.0.0
MIT-0
@leon2023happy
latest
Download

配置验证规则

触发条件

当用户请求修改以下内容时自动触发:

  • openclaw.json
  • config/*.json
  • 任何 OpenClaw 配置文件

验证流程

1. 查询本地文档

在修改配置前,先查询文档目录:

# 列出文档结构
ls /home/root1/.npm-global/lib/node_modules/openclaw/docs

# 搜索相关配置项
grep -r "<配置项名称>" /home/root1/.npm-global/lib/node_modules/openclaw/docs/ --include="*.md"

2. 查阅配置 schema

查询配置 schema 确认字段定义:

# 查看配置 schema 目录
ls /home/root1/.npm-global/lib/node_modules/openclaw/docs/cli/

# 或使用 gateway 工具查询 schema
openclaw gateway config.schema.lookup <dot-path>

3. 验证后再修改

确认配置项:

  • 存在于当前版本的文档中
  • 用法正确
  • 类型匹配

如果文档中没有该配置项:

常见配置项参考

  • gateway.* - 网关配置
  • plugins.* - 插件配置
  • channels.* - 通道配置
  • models.* - 模型配置
  • storage.* - 存储配置

Comments

Loading comments...