← Back to Skills Marketplace
ether-btc

OpenClaw Config Safety v2

by austrian_guy · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
60
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install openclaw-config-safety
Description
Validate, normalize, export, and import openclaw.json configs safely with automatic backups and schema checks before applying changes or upgrades.
Usage Guidance
This package appears to implement a sensible config validation and import/export workflow, but there are important things to check before installing or running it: - Verify dependencies yourself: the code and scripts assume the openclaw CLI is available (or set via OPENCLAW_BIN), the `pass` tool is available for import credential resolution, and the shell validator uses `jq`. The registry metadata does not declare these — confirm they exist and are the versions you expect. - Inspect resolve-refs.js (not shown in full here) to confirm how it invokes `pass` and whether it logs or transmits resolved secrets. The design claims it will not print secret values, but review to be sure. - Back up your existing ~/.openclaw/openclaw.json before using the wizard or the validator (the docs already advise this). Even though the tool creates backups, manual backups are prudent. - Treat exported tokens as containing credential reference names only (mrconf:v1 tokens do not include actual keys). Ensure destination machines have matching env vars or pass entries. - If you do not fully trust the source owner (unknown homepage, owner id only), consider running the scripts in a restricted environment (container or VM) and audit the code paths that call external binaries before giving it access to your real OpenClaw installation and secrets. If you want, I can (a) list exact files/lines that invoke external binaries (openclaw, pass, jq, child_process.exec), (b) extract the resolve-refs implementation for a focused review, or (c) suggest a minimal checklist to run the tool safely in a sandbox first.
Capability Analysis
Type: OpenClaw Skill Name: openclaw-config-safety Version: 1.0.0 The bundle provides a comprehensive utility for safely managing, validating, and normalizing OpenClaw configurations (openclaw.json). It features a 'config token' system for sharing configurations using environment variable placeholders (${REF}) rather than actual secrets, which are resolved locally via process.env or the 'pass' utility. While the code uses high-risk functions like execSync (in src/resolve-refs.js and src/doctor-check.js), it employs strict regex validation (REF_REGEX) to prevent command injection and includes explicit logic to avoid logging or exporting sensitive credential values. The behavior is entirely consistent with the stated purpose of preventing gateway crashes due to schema drift.
Capability Tags
requires-sensitive-credentials
Capability Assessment
Purpose & Capability
The skill's name/description (validate, normalize, export/import openclaw.json) matches the included code (normalize.js, export.js, import.js, audit.js, doctor-check.js, restore/backup helpers). However the registry metadata declares 'Required binaries: none' and 'Required env vars: none' while the code and SKILL.md clearly depend on system binaries (openclaw CLI, pass, jq for the shell validator) and Node for running the JS. This is a mismatch (under-declared dependencies) rather than a functional mismatch with stated purpose.
Instruction Scope
SKILL.md and scripts instruct the agent to read/write ~/.openclaw/openclaw.json, create backups, run validation, run `openclaw doctor --fix`, and restart the gateway. Those actions are appropriate for a config-safety tool, but the instructions also resolve credential references by reading process.env and invoking `pass` (import path). The skill's runtime will therefore access environment variables and call system binaries (openclaw, pass, jq) — the SKILL.md does not declare these env/binary accesses explicitly. This grants the skill scope to read sensitive local state (env vars, pass entries) which is necessary for import but should be called out as a security-sensitive operation.
Install Mechanism
There is no install spec (instruction-only), which minimizes remote code downloads. However the skill bundle actually contains many code files and CLI wrappers (bin/openclaw-config-onboard etc.) that will be executed from the user's workspace. No network-based installers or remote archives are used. The lack of an install step is reasonable but the package should declare that it needs Node and relies on local CLI tools.
Credentials
The skill will resolve credential references by checking process.env and invoking `pass` (see EXPORT-TOKEN-SPEC.md and resolve-refs behavior described). That is proportionate to the import feature, but the registry metadata lists no required env vars or binaries. The tool may read any environment variables whose names appear in a token's credentialRefs list (e.g., CEREBRAS_API_KEY). Users must understand that importing will read those env vars or call pass to retrieve secrets; those accesses are not declared in the skill metadata.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide agent settings. It does invoke system-level operations such as restarting the OpenClaw gateway and running `openclaw doctor`, which are expected for a config-management tool. Autonomous invocation is allowed by default but not exceptional here.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install openclaw-config-safety
  3. After installation, invoke the skill by name or use /openclaw-config-safety
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial v2 release: normalize, export/import tokens, interactive wizard. 117 tests.
Metadata
Slug openclaw-config-safety
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is OpenClaw Config Safety v2?

Validate, normalize, export, and import openclaw.json configs safely with automatic backups and schema checks before applying changes or upgrades. It is an AI Agent Skill for Claude Code / OpenClaw, with 60 downloads so far.

How do I install OpenClaw Config Safety v2?

Run "/install openclaw-config-safety" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is OpenClaw Config Safety v2 free?

Yes, OpenClaw Config Safety v2 is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does OpenClaw Config Safety v2 support?

OpenClaw Config Safety v2 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created OpenClaw Config Safety v2?

It is built and maintained by austrian_guy (@ether-btc); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 Comments