Elegant Config Guardian

by wangwu-30 · GitHub ↗ · v0.1.0
cross-platform · ⚠ suspicious
436 Downloads · 0 Stars · 0 Active Installs · 1 Versions
Install in OpenClaw
/install elegant-config-guardian
Description
Safely apply OpenClaw config changes with automatic rollback and ack timeout guard. Use when editing ~/.openclaw/openclaw.json, restarting gateway, enabling...
README (SKILL.md)

Elegant Config Guardian

Use scripts/safe_apply.sh to enforce: backup → apply → restart → health check → optional ack wait → rollback on failure.

Run

bash scripts/safe_apply.sh \
  --config ~/.openclaw/openclaw.json \
  --apply-cmd 'python3 /tmp/patch.py' \
  --ack-timeout 60 \
  --require-ack

Ack mode

When --require-ack is enabled, the script prints an ack token file path. A successful manual ack is:

touch <ack-file-path>

If timeout expires without ack, rollback is triggered automatically.

Defaults

  • Health probe command: openclaw gateway status, whose output must contain RPC probe: ok
  • Restart command: openclaw gateway restart
  • Backup file: <config>.bak.YYYYmmdd-HHMMSS

Recommended workflow

  1. Prepare a deterministic patch command (--apply-cmd).
  2. Run with --require-ack --ack-timeout 45 for production changes.
  3. Verify health.
  4. Ack explicitly only after end-to-end validation.
  5. Let timeout auto-rollback if validation cannot complete in time.
Usage Guidance
This skill is internally coherent but treat it as powerful: it will overwrite your OpenClaw config and restart the gateway. Before running:

  1. Ensure the 'openclaw' CLI is installed and functional (the script assumes it though the metadata doesn't declare it).
  2. Carefully review and control the --apply-cmd you provide — the script uses eval and will execute whatever you pass (use a deterministic script you inspected, not untrusted input).
  3. Run first in a safe/test environment to verify the health-check string and restart behavior.
  4. Verify filesystem ownership and that backups are stored where you expect; be cautious with symlinked config files and permissions to avoid accidental overwrite of unintended files.
  5. Prefer running as a user with just enough privileges (not root) unless elevated rights are required.

If you want higher assurance, request that the skill metadata be updated to declare the 'openclaw' binary requirement and, optionally, replace eval usage with a safer invocation pattern.
Capability Analysis
Type: OpenClaw Skill
Name: elegant-config-guardian
Version: 0.1.0

The skill's core script, `scripts/safe_apply.sh`, uses `eval "$APPLY_CMD"` to execute a user-provided command. This creates a severe shell injection vulnerability, allowing arbitrary command execution (RCE) with the privileges of the OpenClaw agent. While the skill's stated purpose is to safely apply configuration changes and the code itself does not contain explicit malicious payloads or instructions for data exfiltration, persistence, or unauthorized access, this critical flaw makes it highly exploitable, classifying it as suspicious.
Capability Assessment
Purpose & Capability
The script implements exactly the advertised behaviour (safe apply + rollback + optional ack). One minor mismatch: the registry metadata lists no required binaries, but the runtime script expects the 'openclaw' CLI (and standard Unix tools like cp, grep). Declaring 'openclaw' as a required binary would be appropriate.
Instruction Scope
SKILL.md and the script are narrowly scoped to operating on the specified config file, restarting the gateway, and checking health. The script runs the user-supplied --apply-cmd via eval, which necessarily allows arbitrary commands — this is expected for a patch/apply hook but increases the importance of ensuring the apply command is trustworthy and deterministic.
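One form the "safer invocation pattern" mentioned in the guidance could take, as an added example (this is not the skill's scripts/safe_apply.sh, which is not shown on this page): the apply command is passed as an argument vector after `--` and run with `"$@"` instead of `eval`, and a symlinked config is refused. The names guarded_apply, restart_gateway and probe_gateway are hypothetical, and the ack wait is left out.

```shell
#!/usr/bin/env bash
# Added example: guarded config apply that takes the apply command as argv.
# Function names are hypothetical; the CLI commands, health string and backup
# name format are the README defaults.

restart_gateway() { openclaw gateway restart; }
probe_gateway()   { openclaw gateway status; }

# Usage: guarded_apply CONFIG -- CMD [ARG...]
# Returns 0 on success, 1 after a rollback, 2 if nothing was attempted.
guarded_apply() {
  if [ "$#" -lt 2 ]; then
    echo "usage: guarded_apply CONFIG -- CMD [ARG...]" >&2
    return 2
  fi
  local config=$1 backup
  shift
  if [ "$1" = "--" ]; then shift; fi
  [ "$#" -gt 0 ] || return 2

  # Refuse symlinks so backup and restore cannot land on an unintended file.
  if [ ! -f "$config" ] || [ -L "$config" ]; then
    echo "refusing to touch $config (missing or symlink)" >&2
    return 2
  fi

  backup="$config.bak.$(date +%Y%m%d-%H%M%S)"
  cp -p -- "$config" "$backup" || return 2

  # "$@" executes the command word by word with no second shell parse, so
  # ;, $(...) and backticks inside an argument remain literal data.
  if "$@" && restart_gateway && probe_gateway | grep -q 'RPC probe: ok'; then
    return 0
  fi

  echo "apply or health check failed, restoring $backup" >&2
  cp -p -- "$backup" "$config" && restart_gateway
  return 1
}
```

A call then looks like `guarded_apply ~/.openclaw/openclaw.json -- python3 /tmp/patch.py`, with each argument quoted by the caller rather than packed into one string.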
Install Mechanism
No install spec or external downloads are present; this is an instruction-only skill with a small bundled shell script. Nothing is written to disk by an installer.
Credentials
The skill requests no secrets or environment variables. It accesses $HOME (default config path) and /tmp for ack/status files — appropriate for its purpose. No unrelated credentials or config paths are requested.
Persistence & Privilege
The skill is user-invocable (not always:true) and doesn't attempt to persistently modify other skills or system-wide settings. It does restart the gateway and overwrite the config (expected given its purpose), so it needs the privilege to manage the OpenClaw gateway when invoked.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install elegant-config-guardian
  3. After installation, invoke the skill by name or use /elegant-config-guardian
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Initial elegant release: guarded config apply + auto rollback
Metadata
Slug elegant-config-guardian
Version 0.1.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Elegant Config Guardian?

Safely apply OpenClaw config changes with automatic rollback and ack timeout guard. Use when editing ~/.openclaw/openclaw.json, restarting gateway, enabling... It is an AI Agent Skill for Claude Code / OpenClaw, with 436 downloads so far.

How do I install Elegant Config Guardian?

Run "/install elegant-config-guardian" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Elegant Config Guardian free?

Yes, Elegant Config Guardian is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Elegant Config Guardian support?

Elegant Config Guardian is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Elegant Config Guardian?

It is built and maintained by wangwu-30 (@wangwu-30); the current version is v0.1.0.
