← Back to Skills Marketplace
Json Modifier
by
WANGJUNJIE
· GitHub ↗
· v1.0.0
754
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install json-modifier
Description
Safely apply structured JSON patches (RFC 6902) to files. Use this skill when you need to update configuration files, package.json, or memory JSONs without r...
README (SKILL.md)
JSON Modifier
A utility for modifying JSON files using RFC 6902 JSON Patch format. Supports precise additions, removals, replacements, moves, copies, and tests.
Usage
# Modify a file in place
node skills/json-modifier/index.js --file path/to/config.json --patch '[{"op": "replace", "path": "/key", "value": "new_value"}]'
# Modify and save to a new file
node skills/json-modifier/index.js --file input.json --patch '[...]' --out output.json
# Use a patch file
node skills/json-modifier/index.js --file input.json --patch-file patches/update.json
Patch Format (RFC 6902)
The patch must be a JSON array of operation objects.
Examples
Replace a value:
[
{ "op": "replace", "path": "/version", "value": "2.0.0" }
]
Add a new key:
[
{ "op": "add", "path": "/features/new_feature", "value": true }
]
Remove a key:
[
{ "op": "remove", "path": "/deprecated_key" }
]
Append to an array:
[
{ "op": "add", "path": "/list/-", "value": "item" }
]
Safety
- Validates patch against document before applying.
- Atomic write (writes to temporary file, then renames).
- Preserves indentation (default: 2 spaces).
Usage Guidance
This skill appears to be what it claims: a safe JSON-patch CLI. Before installing or running it: 1) Verify the file path you or the agent will call (SKILL.md path examples differ from the package layout) so the agent executes the correct script. 2) Run the included test locally (npm install then npm test) in a safe directory to confirm behavior. 3) Be cautious about which files you allow the agent to modify—the tool will overwrite files (atomic rename is used, but data loss can occur if patches are incorrect). 4) Review/lock dependencies if you require stricter supply-chain controls (it uses fast-json-patch from npm). 5) Note tests use child_process.execSync to invoke the CLI locally—that's normal for testing but confirms the package executes local commands.
Capability Analysis
Type: OpenClaw Skill
Name: json-modifier
Version: 1.0.0
The `index.js` script allows reading and writing arbitrary files specified via command-line arguments (`--file`, `--patch-file`). While this functionality is core to its stated purpose of modifying JSON files, it introduces a significant vulnerability. An attacker could potentially leverage this skill by crafting a prompt to the OpenClaw agent, instructing it to modify or read sensitive system configuration files (e.g., `/etc/passwd`, `/etc/sudoers`) or other critical application data, without the skill itself exhibiting explicit malicious intent like data exfiltration or backdoor installation. The `scripts/test.js` also uses `child_process.execSync`, a powerful primitive, though it is used benignly within a controlled test environment.
Capability Assessment
Purpose & Capability
Name and description match the included code: index.js implements a CLI that reads a JSON file and a RFC 6902 patch and writes the result. Minor documentation mismatch: SKILL.md examples reference 'node skills/json-modifier/index.js' while the repo provides index.js at the package root; this is likely a path/documentation inconsistency rather than malicious.
Instruction Scope
SKILL.md only documents CLI usage for applying patches. The code only reads the specified target file/patch file, validates and applies the patch, and performs an atomic write. It does not read other files, environment variables, or network endpoints.
Install Mechanism
No install spec is provided; this is instruction-plus-code. The only dependency is fast-json-patch from the public npm registry (package-lock.json points to registry.npmjs.org). There are no arbitrary downloads, extract steps, or unusual install actions.
Credentials
No environment variables, credentials, or config paths are requested or used. The skill's requested privileges are minimal and aligned with editing local files.
Persistence & Privilege
always is false and the skill does not request persistent system-wide privileges. It does not modify other skills or global agent config.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install json-modifier - After installation, invoke the skill by name or use
/json-modifier - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of json-modifier skill for safely applying JSON Patches (RFC 6902) to files.
- Supports atomic writes, input/output file selection, patch file input, and indentation preservation.
- Enables precise add, remove, replace, move, copy, and test operations on JSON structures.
- Validates patches before applying to ensure document safety and integrity.
Metadata
Frequently Asked Questions
What is Json Modifier?
Safely apply structured JSON patches (RFC 6902) to files. Use this skill when you need to update configuration files, package.json, or memory JSONs without r... It is an AI Agent Skill for Claude Code / OpenClaw, with 754 downloads so far.
How do I install Json Modifier?
Run "/install json-modifier" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Json Modifier free?
Yes, Json Modifier is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Json Modifier support?
Json Modifier is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Json Modifier?
It is built and maintained by WANGJUNJIE (@wanng-ide); the current version is v1.0.0.
More Skills