Safe Config Workflow
v1.0.0安全修改 OpenClaw 配置文件,严格查文档确认,自动修复校验,反馈关键信息并记录学习,保障 Gateway 稳定运行。
⭐ 0· 313·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the actions in SKILL.md: it reads/modifies ~/.openclaw/openclaw.json, runs openclaw CLI (doctor, gateway, logs) and writes local notes (MEMORY.md). These capabilities are expected for a configuration workflow. Minor inconsistency: the manifest declared no required config paths, but the instructions clearly operate on ~/.openclaw/openclaw.json and MEMORY.md.
Instruction Scope
Instructions are narrow and prescriptive (confirm with user, run openclaw doctor --fix, diff backups, restart/verify). They do instruct reading logs and config files and writing backups and MEMORY.md. Reading logs may surface sensitive tokens or secrets present in log files — SKILL.md does not explicitly warn to redact secrets. The skill otherwise stays within its stated scope and does not send data to external endpoints.
Install Mechanism
Instruction-only skill with no install spec or third-party downloads. No code executed from external URLs and no packages are installed — low install risk.
Credentials
The skill declares no required environment variables or credentials, which aligns with the lack of cloud integrations. However, it expects filesystem access to ~/.openclaw/openclaw.json and to create/append MEMORY.md; those config paths were not declared in the manifest. No unrelated credentials are requested.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request persistent/system-wide modifications or changing other skills. Its behavior (editing local config, creating a local MEMORY.md) is within scope for a config workflow.
Assessment
This skill appears to do what it claims: help safely edit OpenClaw config using the local openclaw CLI and local files. Before installing or invoking it, consider: (1) Manifest mismatch — the SKILL.md operates on ~/.openclaw/openclaw.json and writes MEMORY.md but the manifest did not declare these config paths; expect the skill to read and write those files. (2) Logs may contain sensitive tokens or secrets — the skill runs openclaw logs --follow and does not explicitly instruct redaction, so review logs for secrets or run tests in a staging environment first. (3) Backup first — follow the TEST-GUIDE (make backups before testing). (4) Verify trust — the package has no homepage/author details beyond a placeholder, and the owner ID is unknown; if you require provenance, ask the publisher for more info or run the workflow in an isolated environment. (5) If you want stricter guarantees, request the maintainer add required config paths to the manifest and an explicit warning about secrets in logs.Like a lobster shell, security has layers — review code before you run it.
latestvk970vcyfmm1zv7ekafg6hbch6h81w1xs
License
MIT-0
Free to use, modify, and redistribute. No attribution required.