← Back to Skills Marketplace
Config Guard
by
segasonicye
· GitHub ↗
· v0.1.0
881
Downloads
0
Stars
5
Active Installs
1
Versions
Install in OpenClaw
/install config-guard
Description
Provides on-demand 10-second automatic rollback protection when modifying openclaw.json to ensure Gateway stability.
README (SKILL.md)
Claw Seatbelt 🛡️ (OpenClaw 安全带)
这是一款为你修改 openclaw.json 准备的“安全带”。它不像普通插件那样全天候运行,而是只在你需要修改配置并备份时,提供 10 秒的自动回滚保护。
特色功能
- 按需保护:仅在运行备份脚本时触发,不浪费系统资源。
- 10秒无敌险:修改配置后若 Gateway 无法在 10 秒内恢复,自动回退到最新备份并重启。
- 极简设计:无需复杂配置,即装即用。
Usage
The skill primarily runs as a background watchdog.
Manual Check
./bin/watchdog.sh
How it works
- Probes the local Gateway status.
- If down, captures the current "broken" config for debugging.
- Locates the most recent timestamped backup in
~/.openclaw/backups/. - Restores and restarts the Gateway service.
Usage Guidance
This skill is small and coherent, but inspect and run it carefully: 1) Ensure you trust the openclaw CLI on your PATH — the script calls it with status and restart commands. 2) Check ownership/permissions of ~/.openclaw and ~/.openclaw/backups: if those dirs are writable or symlinked by an untrusted user, cp/ls operations could be abused (symlink/TOCTOU). 3) Logs are written to /tmp/openclaw-watchdog.log which is world-writeable by default on some systems; consider changing the log path or securing /tmp to avoid information disclosure or symlink attacks. 4) Backups and failed-config copies may contain sensitive credentials — secure backup storage and access. 5) Run the script manually in a safe environment first to confirm behavior; you may want to add stricter checks (atomic file replacement, secure temporary files, explicit permission checks) before using it in production.
Capability Analysis
Type: OpenClaw Skill
Name: config-guard
Version: 0.1.0
The skill bundle provides a 'Claw Seatbelt' feature designed to automatically roll back OpenClaw Gateway configurations to a previous backup if the Gateway becomes unresponsive. The `SKILL.md` instructions are clear and directly align with this stated purpose, showing no signs of prompt injection attempts to subvert the agent. The `bin/watchdog.sh` script implements the rollback logic using standard shell commands (`ls`, `cp`, `grep`) and the legitimate `openclaw` CLI tool to manage configurations and restart the Gateway. There is no evidence of data exfiltration, unauthorized network activity, persistence mechanisms, or obfuscation. The script operates within the expected scope of a configuration management utility, making its intent benign.
Capability Assessment
Purpose & Capability
The name/description promise (on-demand 10s rollback protection for openclaw.json/Gateway) matches the included runtime instructions and bin/watchdog.sh: it probes gateway status, finds the latest ~/.openclaw/backups/openclaw-*.json, copies it into place, and restarts the gateway via the openclaw CLI.
Instruction Scope
SKILL.md only instructs running ./bin/watchdog.sh and the script's behavior stays within that scope. However the script reads/writes $HOME/.openclaw/openclaw.json and ~/.openclaw/backups/, copies files, and writes logs to /tmp/openclaw-watchdog.log — these operations touch potentially sensitive configuration and produce files that may contain secrets. The script also assumes the presence and integrity of the openclaw CLI.
Install Mechanism
No install spec or external downloads; this is an instruction-only skill with a small bundled shell script. Nothing is fetched from remote hosts and no archives are extracted.
Credentials
The skill declares no credentials or special env vars, which is consistent. It does use $HOME and standard filesystem paths (~/.openclaw and /tmp). Because it copies configs and creates backups/logs, users should recognize it will handle files that may contain sensitive tokens; that access is proportionate to the stated purpose but still sensitive.
Persistence & Privilege
always is false and the skill is user-invocable only. It does not request permanent agent presence or modify other skills/config; it runs only when the user invokes the script.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install config-guard - After installation, invoke the skill by name or use
/config-guard - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Initial release of Claw Seatbelt
- On-demand safety for modifying openclaw.json, with 10-second automatic rollback protection.
- Engages only during backup script runs to conserve resources.
- Captures failed configurations for debugging if the Gateway fails to recover.
- Automatically restores the last good config and restarts the Gateway if needed.
- Zero setup required—simple and ready to use out of the box.
Metadata
Frequently Asked Questions
What is Config Guard?
Provides on-demand 10-second automatic rollback protection when modifying openclaw.json to ensure Gateway stability. It is an AI Agent Skill for Claude Code / OpenClaw, with 881 downloads so far.
How do I install Config Guard?
Run "/install config-guard" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Config Guard free?
Yes, Config Guard is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Config Guard support?
Config Guard is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Config Guard?
It is built and maintained by segasonicye (@segasonicye); the current version is v0.1.0.
More Skills