ClawHub

OpenClaw Safe Config Rollback

v0.1.1

Safely apply OpenClaw config changes with automatic rollback and ack timeout guard. Use when editing ~/.openclaw/openclaw.json, restarting gateway, enabling...

0· 471·3 current·3 all-time
by@wangwu-30
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Functionality (backup → apply → restart → health check → optional ack → rollback) aligns with the name/description. Minor mismatch: registry metadata lists no required binaries, but the script expects system tools (bash, cp, grep, date) and the OpenClaw CLI (openclaw). The ability to operate on an arbitrary --config path is intentional but means the script can target any file the user has permission to modify.
Instruction Scope
SKILL.md instructs running scripts/safe_apply.sh which executes a user-supplied --apply-cmd via bash -lc or an --apply-file. That is necessary for applying deterministic patches but means the tool will execute arbitrary shell commands supplied at runtime (trusted-by-user). The script reads/writes the specified config and uses /tmp for ack/status files (predictable paths). There are no hidden network endpoints or unexplained data exfiltration steps.
Install Mechanism
Instruction-only skill with a bundled shell script and no install spec — lowest installation risk. Nothing is downloaded or written to disk by an installer beyond the included files.
Credentials
The skill declares no required environment variables or credentials, which matches its local nature. The script relies on HOME (implicit) and filesystem access to the config path and /tmp; it will call the 'openclaw' CLI by default. No extraneous secrets or third-party service credentials are requested.
Persistence & Privilege
always is false and the skill does not modify agent-wide config or request persistent privileges. It runs only when invoked by the user/agent and does not attempt to persist beyond its execution.
Assessment
This skill appears coherent and implements the advertised rollback flow, but exercise standard caution: only run it in environments where you trust the apply command/file because --apply-cmd (bash -lc) will execute arbitrary shell code as your user; verify the apply script before running. Ensure the 'openclaw' CLI and required system tools exist or pass --no-restart/--health-cmd as appropriate. Be aware ack files are created in /tmp with predictable names (possible symlink/race risks on shared systems). Consider testing in staging, keeping offsite backups, and explicitly reviewing any apply-file contents before use. It would be better if the skill metadata declared 'openclaw' and basic shell tools as required binaries so installers know the dependency.

Like a lobster shell, security has layers — review code before you run it.

latestvk9770bxch21j90zv79wh7pwnxx81yx3c

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments