ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Safe Config Workflow

v1.0.1

提供安全修改 OpenClaw 配置的全流程管理,确保变更前确认、自动修复、备份对比及运行验证,保障系统稳定。

0· 416·0 current·0 all-time
by@nicoxia·duplicate of @nicoxia/safe-config-workflow
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (safe config workflow) aligns with the requested actions: reading and editing ~/.openclaw/openclaw.json, running openclaw doctor/gateway/logs, diffing backups, and recording lessons. No unrelated credentials, binaries, or network endpoints are required.
Instruction Scope
SKILL.md confines runtime actions to local CLI operations (openclaw doctor --fix, gateway restart/status, logs, diff, editing files, sleep). It mandates explicit user confirmation before changes and prescribes comparing backups and verifying Gateway. These instructions are within scope for a configuration-management helper. Note: doctor --fix is an automatic fixer; the skill correctly emphasizes user confirmation and backups.
Install Mechanism
No install spec or code is provided (instruction-only). No downloads or archive extraction are present. package.json is metadata only. This minimizes on-disk installation risk.
Credentials
The skill declares no required environment variables, credentials, or config paths beyond the user-local OpenClaw config (~/.openclaw/openclaw.json and its backups). Requested accesses are proportional to the stated task. The MEMORY.md write/read is an expected local artifact for recording lessons.
Persistence & Privilege
Flags show always:false and user-invocable:true. The skill does not request permanent/global privileges or modify other skills' configs. Its operations modify local OpenClaw config only after user confirmation, which is appropriate for this type of skill.
Assessment
This skill appears coherent and limited to local OpenClaw configuration tasks. Before using it: (1) ensure you have a recent backup of ~/.openclaw/openclaw.json (the SKILL already recommends this); (2) review and approve any proposed changes when the skill prompts for confirmation (doctor --fix can automatically change files); (3) be aware tests that intentionally break the Gateway will cause temporary downtime; (4) inspect MEMORY.md if you want to control what lessons are stored locally. If you want extra caution, run the commands manually the first few times instead of letting the agent execute them autonomously.

Like a lobster shell, security has layers — review code before you run it.

chinesevk974hx3wyqrevepkx444b5wwwx81xf8sconfigvk974hx3wyqrevepkx444b5wwwx81xf8slatestvk97717x0qkywskjqsk8tx4c1wn81xwebsafetyvk974hx3wyqrevepkx444b5wwwx81xf8sworkflowvk974hx3wyqrevepkx444b5wwwx81xf8s

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments