← Back to Skills Marketplace
romainsantoli-web

Firm Config Migration Pack

by romainsantoli-web · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
308
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install firm-config-migration-pack
Description
Configuration migration and integrity audit pack. Shell env sanitization, plugin integrity, token separation, OTEL redaction, and RPC rate limiting. 5 migrat...
README (SKILL.md)

firm-config-migration-pack

⚠️ Contenu généré par IA — validation humaine requise avant utilisation.

Purpose

Validates configuration migration safety: shell environment sanitization (LD_PRELOAD, DYLD_*), plugin integrity via SHA-256 manifest verification, token separation enforcement, OpenTelemetry PII redaction, and RPC rate limiting.

Tools (5)

Tool Description Severity
openclaw_shell_env_check Shell environment sanitization (LD_/DYLD_) HIGH
openclaw_plugin_integrity_check Plugin SHA-256 manifest drift detection HIGH
openclaw_token_separation_check Token separation enforcement HIGH
openclaw_otel_redaction_check OTEL PII redaction validation MEDIUM
openclaw_rpc_rate_limit_check RPC rate limiting configuration MEDIUM

Usage

skills:
  - firm-config-migration-pack

# Audit configuration before migration:
openclaw_shell_env_check config_path=/path/to/config.json
openclaw_plugin_integrity_check config_path=/path/to/config.json

Requirements

  • mcp-openclaw-extensions >= 3.0.0
Usage Guidance
This skill appears to describe legitimate configuration and integrity checks, but it is instruction-only and depends on an external extension (mcp-openclaw-extensions) that is not included or linked. Before installing or running: 1) Verify the source and publisher of mcp-openclaw-extensions and obtain its code or package from a trusted place; 2) Inspect the implementations of the named tools (openclaw_shell_env_check, openclaw_plugin_integrity_check, etc.) to confirm they only read the expected config/env paths and do not exfiltrate data; 3) Run the checks in a restricted/sandbox environment first and review logs/output for unexpected network activity; 4) Because the SKILL.md warns 'generated by AI — human validation required', perform a manual review of the logic, and ensure no secrets or tokens are transmitted to external endpoints; 5) If you cannot verify the dependency provenance or tool implementations, do not enable this skill in production environments.
Capability Analysis
Type: OpenClaw Skill Name: firm-config-migration-pack Version: 1.0.0 The skill bundle describes a set of configuration migration and integrity audit tools, focusing on security checks like shell environment sanitization, plugin integrity, token separation, and OTEL PII redaction. All listed tools and their descriptions align with a legitimate security auditing purpose. There are no signs of data exfiltration, malicious execution, persistence, obfuscation, or prompt injection attempts against the AI agent. The instructions in SKILL.md are clear, descriptive, and consistent with the stated purpose, providing usage examples for the audit checks.
Capability Assessment
Purpose & Capability
The name and description (config migration, env sanitization, plugin integrity, OTEL redaction, RPC rate-limiting) line up with the listed checks. The SKILL.md declares a dependency on mcp-openclaw-extensions >= 3.0.0 which plausibly provides the five named tools. However, the skill does not include the tools, binaries, or an install spec itself; it assumes an external extension is present. That dependency is reasonable but deserves verification (who publishes mcp-openclaw-extensions?).
Instruction Scope
The runtime instructions are short and scoped: examples call tools with a config_path argument (e.g., openclaw_shell_env_check config_path=/path/to/config.json). They do not explicitly instruct reading unrelated system files or contacting external endpoints. However, the checks (shell env sanitization, token separation, OTEL PII redaction) necessarily inspect environment variables and configuration files which can contain secrets or PII. Because the skill is instruction-only and delegates behavior to external tools, the precise actions depend entirely on those tools' implementations — which are not provided here.
Install Mechanism
No install spec and no code files (instruction-only) — lowest risk in terms of code being written by the skill itself. But the SKILL.md declares mcp-openclaw-extensions >= 3.0.0 as a required dependency without giving a source or install method. This means the agent must already have that extension or fetch it from elsewhere; the lack of provenance for that dependency is a concern and should be validated before use.
Credentials
The skill declares no required environment variables, yet several checks imply access to environment variables (LD_PRELOAD/DYLD_*, tokens, OTEL data) and to configuration files. Inspecting env/config is reasonable for its purpose, but those are sensitive data sources. The SKILL.md does not enumerate what environment or secrets it will read, nor how data is handled or whether external reporting occurs. That mismatch (no declared env access but implied sensitive reads) justifies caution.
Persistence & Privilege
always is false and there is no install that writes persistent agent-wide configuration. The skill does not request permanent presence or attempt to modify other skills' configs. Autonomous invocation is allowed (default) but that is normal and not a standalone concern here.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install firm-config-migration-pack
  3. After installation, invoke the skill by name or use /firm-config-migration-pack
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of firm-config-migration-pack. - Provides 5 tools for auditing configuration migrations: shell env sanitization, plugin integrity checks, token separation, OTEL PII redaction, and RPC rate limiting. - Ensures migration safety through automated checks and validations. - Requires mcp-openclaw-extensions >= 3.0.0. - Includes usage examples and tool descriptions with severity levels.
Metadata
Slug firm-config-migration-pack
Version 1.0.0
License
All-time Installs 1
Active Installs 1
Total Versions 1
Frequently Asked Questions

What is Firm Config Migration Pack?

Configuration migration and integrity audit pack. Shell env sanitization, plugin integrity, token separation, OTEL redaction, and RPC rate limiting. 5 migrat... It is an AI Agent Skill for Claude Code / OpenClaw, with 308 downloads so far.

How do I install Firm Config Migration Pack?

Run "/install firm-config-migration-pack" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Firm Config Migration Pack free?

Yes, Firm Config Migration Pack is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Firm Config Migration Pack support?

Firm Config Migration Pack is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Firm Config Migration Pack?

It is built and maintained by romainsantoli-web (@romainsantoli-web); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments