← Back to Skills Marketplace
Config Manager
by
dougchambers
· GitHub ↗
· v1.0.0
· MIT-0
119
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install legend-config-manager
Description
Safe configuration file editing for JSON, YAML, TOML, and other config formats. Use when working with configuration files for: (1) Reading config values, (2)...
README (SKILL.md)
Config Manager
Handles configuration files through safe, validated operations that preserve syntax and formatting.
Core Workflows
Format Detection
Identify config format by extension:
.json→ JSON.yaml,.yml→ YAML.toml→ TOML.env→ Environment variables.ini→ INI format.xml→ XML.cfg,.conf→ Generic config
Safe Editing Rules
Golden Rule: Never manually edit structured configs unless trivial. Use tools:
- JSON:
jqfor CLI, JSON.parse/stringify for code - YAML:
yqfor CLI, yaml libraries for code - TOML:
tomllibraries (no standard CLI tool)
Common Operations
Read Values
# JSON
jq '.key' config.json
jq '.nested.key' config.json
# YAML
yq '.key' config.yaml
yq '.nested.key' config.yaml
# TOML (requires python/toml)
python -c "import toml; print(toml.load('config.toml')['key'])"
Update Values
# JSON
jq '.key = "new value"' config.json > tmp && mv tmp config.json
# YAML
yq -i '.key = "new value"' config.yaml
# Always backup first
cp config.json config.json.bak
Add New Keys
# JSON
jq '.newKey = "value"' config.json > tmp && mv tmp config.json
# YAML
yq -i '.newKey = "value"' config.yaml
Remove Keys
# JSON
jq 'del(.unwantedKey)' config.json > tmp && mv tmp config.json
# YAML
yq -i 'del(.unwantedKey)' config.yaml
Validation Before Save
Always validate after edits:
# JSON
jq empty config.json && echo "Valid JSON"
# YAML
yamllint config.yaml || python -c "import yaml; yaml.safe_load(open('config.yaml'))"
# TOML
python -c "import toml; toml.load('config.toml')"
Formatting Preservation
- Use
yq -ifor in-place YAML edits (preserves comments) - Use
jqwith--indentto control JSON spacing - Never mix tabs/spaces in YAML
- Preserve trailing newlines
Creating New Configs
Use templates or generate programmatically:
# JSON
echo '{"key": "value"}' | jq '.' > new-config.json
# YAML
cat > new-config.yaml \x3C\x3C EOF
key: value
nested:
key2: value2
EOF
Safety Rules
- Validate syntax before saving any changes
- Backup first - Copy original before destructive edits
- Use tools, not manual edits -
jq/yqfor JSON/YAML - Test after changes - Load config in application context
- Respect workspace boundaries - Only touch ~/openclaw configs
- Never commit secrets - Use .env for sensitive values, gitignore them
When to Read references/formats.md
Load when:
- Need detailed format specifications (JSON schema, YAML anchors)
- Complex merge/conflict resolution needed
- Format conversion required (JSON↔YAML↔TOML)
- Validation schemas or type checking needed
Usage Guidance
This skill appears to be what it claims (a how-to guide for safely editing config files) but be cautious: it's instruction-only, so the agent following it will run shell commands that can modify files and install software. Before using, verify or enforce these points: 1) limit actions to a safe directory (e.g., ~/openclaw) — prefer absolute paths or sandboxing; 2) do not run commands with sudo or allow global package installs unless you explicitly want system-wide changes; 3) review any wget/pip commands before running (they download and execute code); 4) avoid passing secrets or system config files to the skill; and 5) if you want automated edits, prefer running the commands yourself or in a constrained container with limited privileges. If you need higher assurance, ask the author to remove/instrument install instructions, lock all file operations to a specific workspace path, and provide an explicit safety checklist for elevation and network operations.
Capability Analysis
Type: OpenClaw Skill
Name: legend-config-manager
Version: 1.0.0
The skill provides legitimate configuration management utilities but includes high-risk instructions in references/formats.md that direct the agent to download an external binary via wget (https://github.com/mikefarah/yq) and install it using sudo and chmod. While these actions are aligned with the stated purpose of the skill, the inclusion of instructions for remote binary execution and elevated privilege usage represents a significant security risk and attack surface, fitting the criteria for a suspicious classification.
Capability Assessment
Purpose & Capability
Name and description align with the provided instructions and reference material: operations for reading, updating, validating, converting, and merging common config formats are all covered and expected.
Instruction Scope
The SKILL.md includes many shell commands that operate on files (jq, yq, sed, cp, mv, python snippets) but examples reference generic filenames (config.json, config.yaml) rather than enforcing a confined path. Although a safety rule says 'Only touch ~/openclaw configs', the examples and commands do not programmatically constrain operations to that directory. The instructions also recommend running package installs and downloading binaries (sudo apt, brew, pip, wget) which could change system state or require elevated privileges.
Install Mechanism
There is no formal install spec (instruction-only), which reduces supply-chain risk. However the included references explicitly instruct installing tools (apt/brew/pip, wget + GitHub release for yq). Those are normal for a CLI-focused guide but mean the agent (or user following agent guidance) may download and install software from the network and use sudo.
Credentials
The skill requests no environment variables, no credentials, and no protected config paths. That is proportionate to its described functionality.
Persistence & Privilege
The skill is not always-enabled and does not request system-wide privileges from its metadata. The instructions may result in package installs or file edits if executed, but the skill itself does not declare persistent or elevated platform privileges.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install legend-config-manager - After installation, invoke the skill by name or use
/legend-config-manager - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of legend-config-manager.
- Provides safe, validated editing for JSON, YAML, TOML, and other config files.
- Supports reading, updating, adding, and removing keys, plus format conversions.
- Emphasizes backup, syntax validation, and use of appropriate CLI/code tools (jq, yq, etc).
- Includes rules for safely creating and editing new configs.
- Advises on when to reference deeper format guides and schema validation.
Metadata
Frequently Asked Questions
What is Config Manager?
Safe configuration file editing for JSON, YAML, TOML, and other config formats. Use when working with configuration files for: (1) Reading config values, (2)... It is an AI Agent Skill for Claude Code / OpenClaw, with 119 downloads so far.
How do I install Config Manager?
Run "/install legend-config-manager" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Config Manager free?
Yes, Config Manager is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Config Manager support?
Config Manager is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Config Manager?
It is built and maintained by dougchambers (@dougchambes); the current version is v1.0.0.
More Skills