← 返回 Skills 市场
Config Guard
作者
justaboyhai-wq
· GitHub ↗
· v1.0.0
295
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install config-guard-v1
功能描述
安全修改 OpenClaw 配置文件。用于任何需要修改 ~/.openclaw/openclaw.json 的场景,包括:模型切换、channel 配置、tools 配置、skill 安装等。确保修改前备份、预览(脱敏 key)、并获得用户确认。
使用说明 (SKILL.md)
🛡️ Safe Config Modifier
安全修改 OpenClaw 配置文件的标准化流程,防止配置损坏导致服务故障。
⚡ 快速开始
# 1. 预览当前配置(脱敏)
~/.openclaw/skills/safe-config/scripts/preview.sh
# 2. 验证配置合法性
~/.openclaw/skills/safe-config/scripts/validate.sh
# 3. 备份当前配置
cp ~/.openclaw/openclaw.json ~/.openclaw/openclaw.json.backup-$(date +%Y%m%d-%H%M%S)
📋 完整流程
步骤 1: 读取当前配置
# 查看完整配置
cat ~/.openclaw/openclaw.json | jq '.'
# 查看特定字段
cat ~/.openclaw/openclaw.json | jq '.agents.defaults.model'
cat ~/.openclaw/openclaw.json | jq '.channels'
cat ~/.openclaw/openclaw.json | jq '.plugins'
步骤 2: 脱敏预览
使用内置脚本生成安全的预览:
# 完整预览(自动脱敏)
~/.openclaw/skills/safe-config/scripts/preview.sh
# 或手动脱敏
~/.openclaw/skills/safe-config/scripts/sanitize.sh \x3C ~/.openclaw/openclaw.json
脱敏字段: apiKey, token, password, secret, botToken
步骤 2.5: 本地验证
# JSON 语法检查
jq '.' ~/.openclaw/openclaw.json
# 使用验证脚本
~/.openclaw/skills/safe-config/scripts/validate.sh
# 测试 API 连通性(如适用)
curl -s https://api.siliconflow.cn/v1/models -H "Authorization: Bearer test" | jq .
步骤 3: 请求用户确认
⚠️ 关键规则:
- 展示脱敏后的配置变更
- 告知验证结果
- 必须收到确认语才能执行
- 确认语只认:
ojbk可以改了 - ❌ 其他任何同意("好的/可以/OK/收到")都不执行!
步骤 4: 执行修改
# 1. 备份(必需)
cp ~/.openclaw/openclaw.json ~/.openclaw/openclaw.json.backup-$(date +%Y%m%d-%H%M%S)
# 2. 写入新配置(使用 jq 或直接写入)
jq '.新字段 = "新值"' ~/.openclaw/openclaw.json > /tmp/openclaw.json
mv /tmp/openclaw.json ~/.openclaw/openclaw.json
# 3. 重启 Gateway(如需要)
openclaw gateway restart
步骤 5: 验证
# 检查配置写入
jq '.新字段' ~/.openclaw/openclaw.json
# 验证 JSON 合法
jq empty ~/.openclaw/openclaw.json && echo "✅ JSON 合法"
# 检查 Gateway 状态
openclaw gateway status
📖 常用配置示例
模型切换
{
"agents": {
"defaults": {
"model": {
"primary": "siliconflow/Pro/MiniMaxAI/MiniMax-M2.5"
}
}
}
}
添加新模型提供商
{
"models": {
"providers": {
"anthropic": {
"baseUrl": "https://api.anthropic.com/v1",
"apiKey": "sk-ant-***",
"models": [
{
"id": "claude-sonnet-4-20250514",
"name": "Claude Sonnet 4",
"contextWindow": 200000,
"maxTokens": 8192
}
]
}
}
}
}
Channel 配置
{
"channels": {
"telegram": {
"enabled": true,
"botToken": "123456:ABC-DEF***",
"dmPolicy": "pairing",
"groupPolicy": "allowlist"
}
}
}
启用 Telegram 贴纸
{
"channels": {
"telegram": {
"actions": {
"sticker": true
}
}
}
}
Tools 配置
{
"tools": {
"web": {
"search": {
"enabled": true,
"provider": "kimi",
"kimi": {
"apiKey": "sk-***"
}
}
}
}
}
🚫 禁止事项
| 规则 | 说明 |
|---|---|
| ❌ 禁止不备份 | 每次修改必须先备份 |
| ❌ 禁止不脱敏 | 展示给用户前必须脱敏 |
| ❌ 禁止不验证 | 修改前必须验证 JSON 格式 |
| ❌ 禁止口语确认 | 只认"ojbk可以改了" |
| ❌ 禁止忽略错误 | JSON 错误必须修复 |
✅ 正确流程检查清单
- 读取当前配置
- 生成脱敏预览
- 验证 JSON 格式
- 展示给用户
- 等待"ojbk可以改了"
- 备份当前配置
- 执行修改
- 验证写入结果
📂 文件结构
safe-config/
├── SKILL.md # 本文档
├── _meta.json # 元数据(ClawHub)
├── references/
│ └── examples.md # 配置示例
└── scripts/
├── sanitize.sh # 脱敏脚本
├── validate.sh # 验证脚本
└── preview.sh # 预览脚本
🔗 相关链接
安全使用建议
This skill appears to do what it says (preview, validate, backup, apply changes to ~/.openclaw/openclaw.json) and asks for no credentials, but the scripts intended to mask sensitive fields are brittle and have inconsistent sed patterns that may fail to hide secrets. Before using: (1) inspect and test preview.sh and sanitize.sh locally on a copy of your config to confirm sensitive values are actually masked; (2) prefer running these scripts against a non-production copy of the config first; (3) consider replacing sed-based masking with JSON-aware masking (jq to delete/mask keys) to avoid false negatives; (4) note the strict confirmation phrase ('ojbk可以改了') is brittle — confirm workflow expectations with your team; (5) do not rely solely on the skill's preview to protect secrets until you verify sanitization works.
功能分析
Type: OpenClaw Skill
Name: config-guard-v1
Version: 1.0.0
The skill bundle provides a structured and safety-oriented workflow for modifying OpenClaw configuration files. It includes scripts for sanitizing sensitive fields like API keys and tokens (scripts/sanitize.sh), validating JSON syntax (scripts/validate.sh), and enforcing a mandatory backup and specific user confirmation phrase ('ojbk可以改了') before applying changes. No evidence of data exfiltration, malicious execution, or unauthorized access was found; the logic is consistent with its stated purpose of preventing configuration corruption.
能力评估
Purpose & Capability
Name/description, SKILL.md, and scripts all consistently target safe modification of ~/.openclaw/openclaw.json (preview, validate, backup, apply). No unrelated credentials, binaries, or install steps are requested.
Instruction Scope
Instructions explicitly read, preview (mask), validate, backup, and write ~/.openclaw/openclaw.json — which is appropriate for the stated purpose. However the SKILL.md promises automatic '脱敏' (masking) before display while the actual sanitize/preview scripts have inconsistent/likely-broken sed regexes; if sanitization fails the preview step can leak secrets. The SKILL.md also includes an example external curl command (api.siliconflow.cn) as a test, which is benign but unnecessary for core functionality.
Install Mechanism
Instruction-only with no install spec and no network downloads. Scripts are small shell utilities written into the skill; nothing is fetched from remote sources.
Credentials
No environment variables, credentials, or unrelated config paths are requested. The skill operates on a single expected config path (~/.openclaw/openclaw.json) which matches its purpose.
Persistence & Privilege
Skill is user-invocable and not always-enabled; it does not request elevated or persistent privileges or modify other skills' configs. Autonomous invocation is allowed by platform default but not uniquely privileged here.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install config-guard-v1 - 安装完成后,直接呼叫该 Skill 的名称或使用
/config-guard-v1触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
safe-config v1.0.0
- Initial release of the safe-config skill for secure modification of OpenClaw configuration files.
- Provides standardized workflow: backup, desensitized preview, JSON validation, and explicit user confirmation before any changes.
- Includes shell scripts for previewing, sanitizing, and validating configs.
- Enforces confirmation phrase ("ojbk可以改了") for high operational safety.
- Comprehensive documentation and example configurations for common scenarios included.
元数据
常见问题
Config Guard 是什么?
安全修改 OpenClaw 配置文件。用于任何需要修改 ~/.openclaw/openclaw.json 的场景,包括:模型切换、channel 配置、tools 配置、skill 安装等。确保修改前备份、预览(脱敏 key)、并获得用户确认。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 295 次。
如何安装 Config Guard?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install config-guard-v1」即可一键安装,无需额外配置。
Config Guard 是免费的吗?
是的,Config Guard 完全免费(开源免费),可自由下载、安装和使用。
Config Guard 支持哪些平台?
Config Guard 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Config Guard?
由 justaboyhai-wq(@justaboyhai-wq)开发并维护,当前版本 v1.0.0。
推荐 Skills