← Back to Skills Marketplace
Config Guard
by
justaboyhai-wq
· GitHub ↗
· v1.0.0
295
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install config-guard-v1
Description
安全修改 OpenClaw 配置文件。用于任何需要修改 ~/.openclaw/openclaw.json 的场景,包括:模型切换、channel 配置、tools 配置、skill 安装等。确保修改前备份、预览(脱敏 key)、并获得用户确认。
README (SKILL.md)
🛡️ Safe Config Modifier
安全修改 OpenClaw 配置文件的标准化流程,防止配置损坏导致服务故障。
⚡ 快速开始
# 1. 预览当前配置(脱敏)
~/.openclaw/skills/safe-config/scripts/preview.sh
# 2. 验证配置合法性
~/.openclaw/skills/safe-config/scripts/validate.sh
# 3. 备份当前配置
cp ~/.openclaw/openclaw.json ~/.openclaw/openclaw.json.backup-$(date +%Y%m%d-%H%M%S)
📋 完整流程
步骤 1: 读取当前配置
# 查看完整配置
cat ~/.openclaw/openclaw.json | jq '.'
# 查看特定字段
cat ~/.openclaw/openclaw.json | jq '.agents.defaults.model'
cat ~/.openclaw/openclaw.json | jq '.channels'
cat ~/.openclaw/openclaw.json | jq '.plugins'
步骤 2: 脱敏预览
使用内置脚本生成安全的预览:
# 完整预览(自动脱敏)
~/.openclaw/skills/safe-config/scripts/preview.sh
# 或手动脱敏
~/.openclaw/skills/safe-config/scripts/sanitize.sh \x3C ~/.openclaw/openclaw.json
脱敏字段: apiKey, token, password, secret, botToken
步骤 2.5: 本地验证
# JSON 语法检查
jq '.' ~/.openclaw/openclaw.json
# 使用验证脚本
~/.openclaw/skills/safe-config/scripts/validate.sh
# 测试 API 连通性(如适用)
curl -s https://api.siliconflow.cn/v1/models -H "Authorization: Bearer test" | jq .
步骤 3: 请求用户确认
⚠️ 关键规则:
- 展示脱敏后的配置变更
- 告知验证结果
- 必须收到确认语才能执行
- 确认语只认:
ojbk可以改了 - ❌ 其他任何同意("好的/可以/OK/收到")都不执行!
步骤 4: 执行修改
# 1. 备份(必需)
cp ~/.openclaw/openclaw.json ~/.openclaw/openclaw.json.backup-$(date +%Y%m%d-%H%M%S)
# 2. 写入新配置(使用 jq 或直接写入)
jq '.新字段 = "新值"' ~/.openclaw/openclaw.json > /tmp/openclaw.json
mv /tmp/openclaw.json ~/.openclaw/openclaw.json
# 3. 重启 Gateway(如需要)
openclaw gateway restart
步骤 5: 验证
# 检查配置写入
jq '.新字段' ~/.openclaw/openclaw.json
# 验证 JSON 合法
jq empty ~/.openclaw/openclaw.json && echo "✅ JSON 合法"
# 检查 Gateway 状态
openclaw gateway status
📖 常用配置示例
模型切换
{
"agents": {
"defaults": {
"model": {
"primary": "siliconflow/Pro/MiniMaxAI/MiniMax-M2.5"
}
}
}
}
添加新模型提供商
{
"models": {
"providers": {
"anthropic": {
"baseUrl": "https://api.anthropic.com/v1",
"apiKey": "sk-ant-***",
"models": [
{
"id": "claude-sonnet-4-20250514",
"name": "Claude Sonnet 4",
"contextWindow": 200000,
"maxTokens": 8192
}
]
}
}
}
}
Channel 配置
{
"channels": {
"telegram": {
"enabled": true,
"botToken": "123456:ABC-DEF***",
"dmPolicy": "pairing",
"groupPolicy": "allowlist"
}
}
}
启用 Telegram 贴纸
{
"channels": {
"telegram": {
"actions": {
"sticker": true
}
}
}
}
Tools 配置
{
"tools": {
"web": {
"search": {
"enabled": true,
"provider": "kimi",
"kimi": {
"apiKey": "sk-***"
}
}
}
}
}
🚫 禁止事项
| 规则 | 说明 |
|---|---|
| ❌ 禁止不备份 | 每次修改必须先备份 |
| ❌ 禁止不脱敏 | 展示给用户前必须脱敏 |
| ❌ 禁止不验证 | 修改前必须验证 JSON 格式 |
| ❌ 禁止口语确认 | 只认"ojbk可以改了" |
| ❌ 禁止忽略错误 | JSON 错误必须修复 |
✅ 正确流程检查清单
- 读取当前配置
- 生成脱敏预览
- 验证 JSON 格式
- 展示给用户
- 等待"ojbk可以改了"
- 备份当前配置
- 执行修改
- 验证写入结果
📂 文件结构
safe-config/
├── SKILL.md # 本文档
├── _meta.json # 元数据(ClawHub)
├── references/
│ └── examples.md # 配置示例
└── scripts/
├── sanitize.sh # 脱敏脚本
├── validate.sh # 验证脚本
└── preview.sh # 预览脚本
🔗 相关链接
Usage Guidance
This skill appears to do what it says (preview, validate, backup, apply changes to ~/.openclaw/openclaw.json) and asks for no credentials, but the scripts intended to mask sensitive fields are brittle and have inconsistent sed patterns that may fail to hide secrets. Before using: (1) inspect and test preview.sh and sanitize.sh locally on a copy of your config to confirm sensitive values are actually masked; (2) prefer running these scripts against a non-production copy of the config first; (3) consider replacing sed-based masking with JSON-aware masking (jq to delete/mask keys) to avoid false negatives; (4) note the strict confirmation phrase ('ojbk可以改了') is brittle — confirm workflow expectations with your team; (5) do not rely solely on the skill's preview to protect secrets until you verify sanitization works.
Capability Analysis
Type: OpenClaw Skill
Name: config-guard-v1
Version: 1.0.0
The skill bundle provides a structured and safety-oriented workflow for modifying OpenClaw configuration files. It includes scripts for sanitizing sensitive fields like API keys and tokens (scripts/sanitize.sh), validating JSON syntax (scripts/validate.sh), and enforcing a mandatory backup and specific user confirmation phrase ('ojbk可以改了') before applying changes. No evidence of data exfiltration, malicious execution, or unauthorized access was found; the logic is consistent with its stated purpose of preventing configuration corruption.
Capability Assessment
Purpose & Capability
Name/description, SKILL.md, and scripts all consistently target safe modification of ~/.openclaw/openclaw.json (preview, validate, backup, apply). No unrelated credentials, binaries, or install steps are requested.
Instruction Scope
Instructions explicitly read, preview (mask), validate, backup, and write ~/.openclaw/openclaw.json — which is appropriate for the stated purpose. However the SKILL.md promises automatic '脱敏' (masking) before display while the actual sanitize/preview scripts have inconsistent/likely-broken sed regexes; if sanitization fails the preview step can leak secrets. The SKILL.md also includes an example external curl command (api.siliconflow.cn) as a test, which is benign but unnecessary for core functionality.
Install Mechanism
Instruction-only with no install spec and no network downloads. Scripts are small shell utilities written into the skill; nothing is fetched from remote sources.
Credentials
No environment variables, credentials, or unrelated config paths are requested. The skill operates on a single expected config path (~/.openclaw/openclaw.json) which matches its purpose.
Persistence & Privilege
Skill is user-invocable and not always-enabled; it does not request elevated or persistent privileges or modify other skills' configs. Autonomous invocation is allowed by platform default but not uniquely privileged here.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install config-guard-v1 - After installation, invoke the skill by name or use
/config-guard-v1 - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
safe-config v1.0.0
- Initial release of the safe-config skill for secure modification of OpenClaw configuration files.
- Provides standardized workflow: backup, desensitized preview, JSON validation, and explicit user confirmation before any changes.
- Includes shell scripts for previewing, sanitizing, and validating configs.
- Enforces confirmation phrase ("ojbk可以改了") for high operational safety.
- Comprehensive documentation and example configurations for common scenarios included.
Metadata
Frequently Asked Questions
What is Config Guard?
安全修改 OpenClaw 配置文件。用于任何需要修改 ~/.openclaw/openclaw.json 的场景,包括:模型切换、channel 配置、tools 配置、skill 安装等。确保修改前备份、预览(脱敏 key)、并获得用户确认。 It is an AI Agent Skill for Claude Code / OpenClaw, with 295 downloads so far.
How do I install Config Guard?
Run "/install config-guard-v1" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Config Guard free?
Yes, Config Guard is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Config Guard support?
Config Guard is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Config Guard?
It is built and maintained by justaboyhai-wq (@justaboyhai-wq); the current version is v1.0.0.
More Skills