← Back to Skills Marketplace
Config Modification Safety
by
alexduming
· GitHub ↗
· v1.0.0
· MIT-0
64
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install config-modification-safety
Description
OpenClaw 配置安全守护。防止 AI 改坏配置文件的双层守护架构,支持 macOS 和 Windows。 触发场景:AI 修改配置文件后系统崩溃、JSON 语法错误导致 Gateway 无法启动、想给 OpenClaw 配置安全网。 核心功能: - 第一层(铜墙):配置文件变更时自动校验 JSON,语法错误...
README (SKILL.md)
config-modification-safety
OpenClaw 配置安全守护 — 给 AI 的配置修改加上双层保险。
🔐 这个 Skill 解决什么问题
AI 修改配置时可能犯错导致整个系统崩溃,而且 AI 自己无法修复(因为 Gateway 起不来了)。双层守护架构确保:
- JSON 语法错误 → \x3C 1 秒自动回滚
- Gateway 崩溃 → 5~15 分钟自动恢复
- 完全自动,不需要人工介入
🚀 快速安装
macOS(苹果电脑)
bash ~/.openclaw/skills/config-modification-safety/scripts/install.sh
使用 macOS 原生 launchd WatchPaths,不需要安装任何额外依赖
Windows(Windows 10/11)
- 找到
~/.openclaw/skills/config-modification-safety/windows/目录 - 右键点击
install.bat→ 以管理员身份运行
使用 PowerShell FileSystemWatcher + Task Scheduler
📊 架构原理
| 层级 | macOS | Windows | 响应时间 | 防什么 |
|---|---|---|---|---|
| 铜墙(第一层) | launchd WatchPaths | FileSystemWatcher | \x3C 1 秒 | JSON 语法写错 |
| 铁壁(第二层) | cron | Task Scheduler | 5~15 分钟 | 配置值错误崩溃 |
📋 常用命令
macOS
# 手动回滚
python3 ~/.openclaw/workspace/.lib/config-safety/guard.py rollback
# 查看守护日志
tail -f ~/.openclaw/workspace/.lib/config-safety/guard.log
# 检查守护进程
launchctl list | grep config-guard
# 卸载
launchctl unload ~/Library/LaunchAgents/com.openclaw.config-guard.plist
crontab -e # 删除 config-safety 那行
Windows(命令提示符 / PowerShell)
:: 手动回滚
python %USERPROFILE%\.openclaw\workspace\.lib\config-safety\guard.py rollback
:: 查看任务状态
schtasks /query /tn "OpenClaw"
:: 卸载
schtasks /delete /tn "OpenClaw Config Guard" /f
schtasks /delete /tn "OpenClaw Health Check" /f
🎯 什么时候会触发保护
第一层(铜墙)触发: AI 修改配置文件时 JSON 语法写错(多余逗号、引号、花括号),1 秒内自动回滚。
第二层(铁壁)触发: JSON 语法正确但值错误(不存在模型名等),导致 Gateway 崩溃,5~15 分钟后自动恢复。
🔧 工作目录
macOS
~/.openclaw/workspace/.lib/config-safety/ # 守护脚本
~/.openclaw/config-backups/ # 配置文件备份(最多 10 份)
Windows
%USERPROFILE%\.openclaw\workspace\.lib\config-safety\ # 守护脚本
%USERPROFILE%\.openclaw\config-backups\ # 配置文件备份
⚠️ 重要提示
- 备份最多保留 10 份,自动清理旧备份
- 回滚恢复到最近一次成功备份
- 系统完全崩溃时:macOS
guard.py rollback,Windowsguard.py rollback即可 10 秒恢复
📤 分享到 ClawHub
打包 Skill:
python3 ~/.openclaw/skills/skill-creator/scripts/package_skill.py \
~/.openclaw/skills/config-modification-safety \
~/.openclaw/skills/config-modification-safety/dist
分享给其他用户后:
- macOS 用户:运行
install.sh - Windows 用户:运行
install.bat(管理员) - 门槛极低,体验极佳
Usage Guidance
Do not run the provided install scripts as administrator until you verify the package contents. Specific issues to check before installing:
- Missing files: the installer expects com.openclaw.config-guard.plist, install.bat, and Windows PowerShell scripts referenced in windows/SKILL.md, but these files are not in the manifest. Ask the publisher for the missing artifacts or an updated package.
- Verify the 'openclaw' CLI referenced by restart_gateway exists on your system and that you trust it.
- Inspect the launchd plist and any Task Scheduler/PowerShell scripts (if provided) to confirm they run only the expected guard scripts and do not call external URLs or upload data.
- Run the installer in a sandbox or test machine first (not your production environment). Verify that backups are created in ~/.openclaw/config-backups and that rollback/restore behave as expected.
- On Windows, never double-click or run an install.bat as Administrator unless you have the complete package and have inspected the scripts. If the publisher cannot provide the missing files, treat the skill as incomplete and avoid installing.
Capability Analysis
Type: OpenClaw Skill
Name: config-modification-safety
Version: 1.0.0
The skill implements a configuration watchdog that uses high-risk persistence mechanisms, including crontab and launchd on macOS and Task Scheduler on Windows, to monitor and automatically roll back changes to agent.json. While the stated intent is to provide safety against AI-induced configuration errors, the use of background persistence and automated service restarts (via guard.py and health-check.sh) constitutes high-risk behavior. Additionally, there is a discrepancy in scripts/health-check.sh where comments mention LLM-based checks that are not present in the code, and scripts/install.sh references a .plist file that was not included in the provided source bundle.
Capability Assessment
Purpose & Capability
The name/description (config protection for OpenClaw) aligns with the included Python and shell scripts: they back up config files, validate JSON, roll back, and attempt to restart the Gateway. The scripts call an "openclaw gateway restart" command (assumes an OpenClaw CLI) which is reasonable for this purpose but is not declared as a required binary in the metadata.
Instruction Scope
SKILL.md and the scripts instruct installing persistent jobs (launchd + cron, or Task Scheduler/PowerShell on Windows) and to run install scripts as admin on Windows. However the install instructions reference files that are not present in the package (e.g., com.openclaw.config-guard.plist, install.bat, PowerShell scripts mentioned in windows SKILL.md). That mismatch means the runtime instructions are incomplete or inconsistent and could lead users to run admin-level installers that won't function correctly or will leave the system in an uncertain state.
Install Mechanism
There is no external network download (good), and installation is local copy + registering launchd/cron. But install.sh expects a plist at $HOME/.openclaw/skills/.../scripts/com.openclaw.config-guard.plist which is absent from the manifest. The Windows install path and helper files (install.bat, PowerShell watcher/health scripts) are also referenced but not included. Missing install artifacts make the install process unreliable and potentially risky if users try to supply/modify files themselves.
Credentials
The skill does not request credentials or environment variables in metadata. The health-check script optionally reads GATEWAY_URL from the environment (defaults to localhost), which is appropriate. No secret-exfiltration indicators or unrelated credential requirements are present.
Persistence & Privilege
The skill installs persistent watchdogs (launchd + cron on macOS, Task Scheduler on Windows) which is expected for this functionality. It does not set always:true. Windows installation requires administrator privileges per the documentation—this is reasonable for registering scheduled tasks but increases risk if the package is incomplete or malicious. The skill does not attempt to modify other skills' configs in the provided code.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install config-modification-safety - After installation, invoke the skill by name or use
/config-modification-safety - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
首次发布。支持 macOS 和 Windows 双平台,零依赖安装。双层守护架构:配置变更监听(铜墙)+ 定时健康巡检(铁壁)。
Metadata
Frequently Asked Questions
What is Config Modification Safety?
OpenClaw 配置安全守护。防止 AI 改坏配置文件的双层守护架构,支持 macOS 和 Windows。 触发场景:AI 修改配置文件后系统崩溃、JSON 语法错误导致 Gateway 无法启动、想给 OpenClaw 配置安全网。 核心功能: - 第一层(铜墙):配置文件变更时自动校验 JSON,语法错误... It is an AI Agent Skill for Claude Code / OpenClaw, with 64 downloads so far.
How do I install Config Modification Safety?
Run "/install config-modification-safety" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Config Modification Safety free?
Yes, Config Modification Safety is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Config Modification Safety support?
Config Modification Safety is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Config Modification Safety?
It is built and maintained by alexduming (@alexduming); the current version is v1.0.0.
More Skills