← Back to Skills Marketplace
jayrizz

OpenClaw Sacred Rules

by AgentUnc · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
466
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install openclaw-sacred-rules
Description
Provides essential safety rules and tools for managing OpenClaw configs, backups, auth troubleshooting, and recovery to prevent system failures.
Usage Guidance
Before installing or running this skill: (1) Review and fix the reset_cooldowns.sh embedded Python: it hardcodes '/Users/admin/...' which is inconsistent with the shell AUTH_FILE ($HOME) and can cause modifying the wrong file — correct it to use the same $AUTH_FILE path. (2) Recognize these scripts will read/copy/modify sensitive files (~/.openclaw/.env and auth-profiles.json). Only run them on a trusted machine, never as root, and ensure backup directories are private and/or encrypted. (3) Confirm the backup flow: safe_backup.sh copies .env and auth-profiles.json into $HOME/openclaw-backups — ensure that directory has restrictive permissions (700) to avoid leaking secrets. (4) If you do not trust the source, don't run the scripts; instead manually inspect and adapt them (especially remove or correct the hardcoded path and add explicit permission/ownership checks). (5) Ask the publisher or maintainer for clarification of required file/permission access and for a signed canonical source; prefer a skill that declares the exact sensitive files it touches and documents backup storage protections. If you want, I can produce a corrected version of reset_cooldowns.sh (and its Python block) that consistently uses $HOME and adds safety checks and permission-locking for the backup directory.
Capability Analysis
Type: OpenClaw Skill Name: openclaw-sacred-rules Version: 1.0.0 The skill bundle aims to provide safety rules and recovery procedures for OpenClaw configuration, which is a benign purpose. However, the `scripts/reset_cooldowns.sh` script contains a hardcoded absolute path (`/Users/admin/.openclaw/...`) for a critical configuration file, making it non-portable and prone to failure on systems where the user's home directory is different. Similarly, a Python snippet in `references/recovery.md` uses an unexpanded `$HOME` variable within a string, which would also lead to execution failure. These are significant functional vulnerabilities in critical recovery scripts, classifying the bundle as suspicious due to potential operational failures rather than malicious intent.
Capability Assessment
Purpose & Capability
The name/description match the actual scripts: they validate configs, create backups, check auth status, and reset cooldowns. However the manifest declares no required environment or filesystem access while the scripts clearly operate on sensitive OpenClaw files under $HOME/.openclaw (openclaw.json, .env, auth-profiles.json). That mismatch (no declared sensitive access but actual file operations) is unexpected and should be clarified.
Instruction Scope
SKILL.md repeatedly warns 'Never directly read auth-profiles.json' yet scripts (safe_backup.sh and reset_cooldowns.sh) copy and, in the case of reset_cooldowns, parse and modify auth-profiles.json. reset_cooldowns.sh backs up a path using $HOME but the embedded Python uses a hardcoded '/Users/admin/...' path, meaning the script will back up one file and modify another — an incoherence that can result in unexpected modifications or failures. The scripts also copy ~/.openclaw/.env (which contains secrets) to a backup dir; the SKILL.md does not discuss backup protection or permissions.
Install Mechanism
No install spec or external downloads — the skill is instruction-only and provides local scripts. This is lower risk than fetching remote binaries. Still, provided scripts will be written to disk as part of the skill bundle, so they should be audited (as done here).
Credentials
The registry metadata declares no required environment variables or credentials, but the scripts expect and source ~/.openclaw/.env and operate on auth-profiles.json (containing API keys and passwords). Backing up and copying .env and auth-profiles.json is a legitimate need for a backup/recovery tool, but the skill should have explicitly declared that it requires access to these sensitive files and should describe how backups are protected (permissions/encryption).
Persistence & Privilege
always:false and no automatic persistence is requested. The skill does modify OpenClaw files when you run its scripts (intended behavior for a recovery tool) but it does not ask for global/always-on privileges or attempt to change other skills' configurations. The risk is limited to the actions of these scripts when invoked.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install openclaw-sacred-rules
  3. After installation, invoke the skill by name or use /openclaw-sacred-rules
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
OpenClaw Sacred Rules v1.0.0 – Initial release. - Introduces 8 essential safety rules to prevent OpenClaw system/configuration disasters. - Provides best practices for handling backups, configuration edits, sandbox mode, and authentication. - Includes scripts for safe backup, cooldown reset, config validation, and auth troubleshooting. - Offers references for recovery and reinforces using only approved scripts/commands for interacting with sensitive files. - Designed as a quick-access guide for anyone configuring or maintaining OpenClaw systems.
Metadata
Slug openclaw-sacred-rules
Version 1.0.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is OpenClaw Sacred Rules?

Provides essential safety rules and tools for managing OpenClaw configs, backups, auth troubleshooting, and recovery to prevent system failures. It is an AI Agent Skill for Claude Code / OpenClaw, with 466 downloads so far.

How do I install OpenClaw Sacred Rules?

Run "/install openclaw-sacred-rules" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is OpenClaw Sacred Rules free?

Yes, OpenClaw Sacred Rules is completely free (open-source). You can download, install and use it at no cost.

Which platforms does OpenClaw Sacred Rules support?

OpenClaw Sacred Rules is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created OpenClaw Sacred Rules?

It is built and maintained by AgentUnc (@jayrizz); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463556 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259610 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200551 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191226 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190235 · by oswalpalash

💬 Comments