← Back to Skills Marketplace
Gateway Validator
by
loopintoai
· GitHub ↗
· v1.0.0
· MIT-0
336
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install gateway-validator
Description
Validate OpenClaw gateway configuration changes before applying them to production. Use when the user wants to change models, API keys, providers, or any gat...
README (SKILL.md)
Gateway Validator
Safely validate gateway config changes before they break production.
How It Works
Primary approach:
- Create temp config with your changes
- Start isolated test gateway on different port
- Send test completion request
- Works? → Apply to production
- Fails? → Block and show error
Fallback approach (when isolated gateway can't start):
- Validate config syntax
- Test provider APIs directly (check API keys, models)
- Works? → Apply to production
- Fails? → Block and show error
Usage
I'll automatically use this when you request gateway changes:
- "Change model to gpt-4o"
- "Update API key"
- "Switch to anthropic"
- Any config modification
Examples
Bad API Key
You: "Set API key to fake-key"
Me: "🧪 Testing changes...
❌ API key is invalid
Config unchanged."
Bad Model
You: "Use model gpt-99"
Me: "🧪 Testing changes...
❌ Model not found
Config unchanged."
Valid Change
You: "Change temperature to 0.5"
Me: "🧪 Testing changes...
✅ Test passed
✅ Config updated"
Technical Details
Level 1: Config Syntax
- YAML valid?
- Required fields present?
- Value ranges valid (temp 0-2, etc.)?
Level 2: Provider Test (direct API calls)
- API key valid?
- Model exists?
- Can connect to provider?
Level 3: Full Gateway Test (when possible)
- Start temp gateway
- Send completion request
- Verify end-to-end works
Limitations
- Isolated gateway test requires systemd/launchd (not available in all containers)
- When isolated test unavailable, falls back to provider-level validation
- Provider testing needs ~5-10 seconds for API calls
Usage Guidance
This skill appears to do what it says, but it touches sensitive areas:
- It reads your OpenClaw config (from ~/.openclaw and /etc), so provider API keys stored there will be read and sent to the provider endpoints to validate credentials — this is required for validation but is sensitive.
- It can overwrite the production config and restart the gateway (apply_change.py). Confirm whether you (or your agent) want automated apply+restart behavior; prefer a manual confirmation step before applying changes.
- The temporary gateway start/port detection is imperfect in the scripts; consider running the validation in a safe staging environment first.
Recommendations before installing/using:
1) Review your config file contents for secrets you don't want transmitted. If you prefer, remove or mask non-essential keys before running validation.
2) Run provider validation (scripts/test_provider.py or scripts/validate_config.py) manually to observe behavior before enabling autonomous agent-run operations.
3) Ensure backups are accessible (apply_change.py creates backups under the config directory) and that you have a rollback plan.
4) Restrict the agent so it asks for explicit confirmation before running apply_change.py or performing restarts.
If you want, I can extract the exact commands the skill would run for a dry-run and suggest a safer invocation policy (e.g., validation-only mode without auto-apply).
Capability Analysis
Type: OpenClaw Skill
Name: gateway-validator
Version: 1.0.0
The bundle provides a suite of tools for managing OpenClaw gateway configurations, including scripts for syntax validation, API key testing, and service management. It is classified as suspicious due to its high-risk capabilities: the ability to read and overwrite production configuration files containing sensitive credentials (scripts/apply_change.py) and the use of subprocesses to execute system commands (scripts/test_gateway.py). While these actions are aligned with the stated goal of safely updating gateway settings, they represent a significant attack surface that could be exploited to modify system behavior or access sensitive API keys if the AI agent is compromised via prompt injection.
Capability Assessment
Purpose & Capability
The name/description match what the files implement: reading OpenClaw config, validating syntax, testing providers via their HTTP APIs, optionally starting a temp gateway, and applying validated config to production. Required actions (reading ~/.openclaw and /etc config, calling provider endpoints, invoking the 'openclaw' binary, backing up and writing config files) are expected for this purpose.
Instruction Scope
SKILL.md promises automatic validation and the scripts implement the three validation levels. The scripts will read config files (home and /etc), perform network requests to provider endpoints using API keys found in the config, may start processes (openclaw gateway), and can apply changes to production. All of these are within scope, but they involve transmitting sensitive API keys and performing production changes — the README's claim to 'automatically use this when you request gateway changes' means the agent could run these operations without further manual checks unless the agent is constrained.
Install Mechanism
No install spec; this is instruction+script-only. No external downloads or package installs are declared. The code uses standard Python stdlib and attempts to import PyYAML if available; lack of install spec means nothing is written to disk by an installer beyond whatever the agent runtime does when executing the included scripts.
Credentials
The skill doesn't request environment variables or external credentials directly, but it reads provider API keys from the OpenClaw config files (e.g., ~/.openclaw/config.yaml or /etc/openclaw/*). Sending those API keys to provider endpoints is necessary for validation, but is sensitive. The scripts do not request unrelated credentials; they do expect read/write access to config paths and ability to execute the 'openclaw' binary.
Persistence & Privilege
The skill includes apply_change.py which will overwrite the production config file (after creating a backup) and attempt to restart the gateway via 'openclaw gateway restart'. While this is coherent with the stated purpose, it's a high-impact operation: if the agent invokes apply_change without explicit user confirmation the production gateway could be changed or restarted unexpectedly. The skill is not 'always: true', but the SKILL.md says it will be used 'automatically' when the user requests gateway changes — make sure the agent prompts the user before performing apply/change actions.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install gateway-validator - After installation, invoke the skill by name or use
/gateway-validator - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: Validate OpenClaw gateway configuration changes before applying them to production.
Metadata
Frequently Asked Questions
What is Gateway Validator?
Validate OpenClaw gateway configuration changes before applying them to production. Use when the user wants to change models, API keys, providers, or any gat... It is an AI Agent Skill for Claude Code / OpenClaw, with 336 downloads so far.
How do I install Gateway Validator?
Run "/install gateway-validator" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Gateway Validator free?
Yes, Gateway Validator is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Gateway Validator support?
Gateway Validator is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Gateway Validator?
It is built and maintained by loopintoai (@loopintoai); the current version is v1.0.0.
More Skills