Downloads: 314
Stars: 0
Active Installs: 1
Versions: 3
Install in OpenClaw
/install oc-guard-skill
Description
Safe OpenClaw config planning/apply workflow with bilingual execution receipts.
Usage Guidance
This skill appears to do what it claims: a local Python CLI that gates OpenClaw config changes via plan/apply, performs backups, and emits signed bilingual receipts. Before installing or allowing autonomous invocation, check:
1) Verify that the openclaw and opencode binaries on your system are the official tools the script will call (the script runs them via subprocess).
2) Review scripts/oc-guard.py (it will create a receipt secret file at ~/.openclaw/.ocguard_receipt_secret and logs in /tmp) and confirm you are comfortable with those local files.
3) Run the provided smoke checks (python3 -m py_compile scripts/oc-guard.py and scripts/oc-guard.py plan --proposal templates/proposal.template.json) and inspect the outputs.
4) Ensure /tmp diagnostic files (e.g., /tmp/oc-guard-last-opencode-output.txt) are handled with care, as they may contain local diagnostic output.
The skill does not request external credentials and does not contain hardcoded remote endpoints, but it does invoke external CLIs, so only proceed if those CLIs are trusted. If you want extra assurance, run the script in a sandbox or inspect the remainder of the script not included in the truncated listing.
Capability Analysis
Type: OpenClaw Skill
Name: oc-guard-skill
Version: 1.1.2
The oc-guard-skill is a well-architected configuration management tool for OpenClaw, designed specifically to prevent accidental misconfiguration. The core script (scripts/oc-guard.py) implements several defensive security patterns, including a strict path allowlist for configuration edits, automatic backups before applying changes, automated rollbacks if the service fails to restart or pass canary checks, and regex-based masking of sensitive keys (secrets/tokens) in output logs. While it interacts with sensitive configuration files and executes system commands via subprocess, its behavior is transparent, heavily documented in SKILL.md and docs/SAFETY.md, and strictly aligned with its stated purpose of providing a 'safe' configuration workflow.
Capability Assessment
Purpose & Capability
Name/description (oc-guard: safe config plan/apply) match the included files and required binaries. The script implements plan/apply, path allowlists, validation, backup/rollback, and bilingual receipts. Required binaries (python3, openclaw, opencode) are appropriate for the stated purpose.
Instruction Scope
SKILL.md directs agents to run the bundled CLI and enforce plan/apply/gating rules; it does not ask the agent to read unrelated system files or external endpoints. The repository docs and AGENTS.md warn not to publish secrets and call out diagnostic files in /tmp; these behaviors align with the script.
Install Mechanism
There is no install spec (instruction-only with a bundled script). That is low-risk and coherent: the repo expects the script to be made executable and linked into ~/.local/bin optionally. No external download URLs or archive extracts are present.
Credentials
The skill declares no required env vars but supports a set of optional environment overrides (OPENCLAW_HOME, OCGUARD_*, etc.). The script will create a local receipt secret file (~/.openclaw/.ocguard_receipt_secret) if OCGUARD_RECEIPT_SECRET is not provided. This is proportionate to producing signed receipts but users should be aware of the local secret file and the optional env overrides.
Persistence & Privilege
The skill does not request always:true and is user-invocable only — normal defaults. It writes a local receipt secret and log files under ~/.openclaw and /tmp and may create backups under ~/.openclaw/config-backups. These are scoped to the user's environment and are expected for a config guard; users should confirm they are comfortable with these local files being created.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install oc-guard-skill
- After installation, invoke the skill by name or use /oc-guard-skill
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.2
Include .py CLI entrypoint and align skill/docs checks for ClawHub package consistency.
v1.1.1
Add official validation, drift/canary safety checks, and package metadata consistency updates.
v1.0.3
Improve plan diagnostics and enforce no-bypass safety rule
Frequently Asked Questions
What is Oc Guard Skill?
Safe OpenClaw config planning/apply workflow with bilingual execution receipts. It is an AI Agent Skill for Claude Code / OpenClaw, with 314 downloads so far.
How do I install Oc Guard Skill?
Run "/install oc-guard-skill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Oc Guard Skill free?
Yes, Oc Guard Skill is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Oc Guard Skill support?
Oc Guard Skill is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Oc Guard Skill?
It is built and maintained by edmond (@edmond-ai); the current version is v1.1.2.