← 返回 Skills 市场
Configure Tools
作者
Karl Varga
· GitHub ↗
· v1.0.0
· MIT-0
236
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install configure-tools
功能描述
Configure OpenClaw tool policies, exec security, and per-agent tool restrictions. Use when asked to set up tool access for an agent, restrict tools, configur...
使用说明 (SKILL.md)
Configure Tools
Set up tool policies and security following conventions/tools.md. Read the convention first for profiles, groups, exec security options, and policy layering rules.
Decision Flow
-
What scope?
- Global (all agents) →
tools.*inopenclaw.json - Single agent →
agents.list[].tools.* - Single provider/model →
tools.byProvider.*oragents.list[].tools.byProvider.*
- Global (all agents) →
-
Start with a profile or build custom?
- Agent fits a standard role → use a profile (
full,coding,messaging,minimal) - Agent needs a specific tool mix → use explicit
allow/denywithgroup:*shorthands
- Agent fits a standard role → use a profile (
-
Does exec need configuration?
- Agent runs shell commands → configure
host,security,ask(see convention for options) - Agent should not run shell commands → deny
group:runtime
- Agent runs shell commands → configure
Config Syntax
Set a profile
// Global
{ tools: { profile: "coding" } }
// Per-agent
{ agents: { list: [{ id: "\x3Cagent-id>", tools: { profile: "messaging" } }] } }
Fine-tune with allow/deny
Use group:* shorthands (listed in conventions/tools.md) over individual tool names. Deny wins over allow.
// Profile + deny specific groups
{ id: "\x3Cagent-id>", tools: { profile: "coding", deny: ["group:ui", "group:web"] } }
// Profile + allow extras
{ id: "\x3Cagent-id>", tools: { profile: "messaging", allow: ["web_search"] } }
// Explicit allow (no profile)
{ id: "\x3Cagent-id>", tools: { allow: ["read", "session_status", "memory_search"] } }
Enable plugin tools
Use alsoAllow (additive, safe) rather than replacing the allowlist:
{ tools: { alsoAllow: ["lobster", "llm-task"] } }
Configure exec security
// Sandboxed (safest)
{ tools: { exec: { host: "sandbox", security: "deny" } } }
// Gateway with approvals (most agents)
{ tools: { exec: { host: "gateway", security: "allowlist", ask: "on-miss" } } }
// Trusted main agent (wide open)
{ tools: { exec: { host: "gateway", security: "full", ask: "off" } } }
Restrict by provider
{ tools: { byProvider: { "google/gemini-2.5-flash": { profile: "coding" } } } }
Apply Changes
Use the gateway tool:
{ "tool": "gateway", "action": "config.patch", "patch": { "tools": { ... } } }
Or edit ~/.openclaw/openclaw.json directly and restart the Gateway.
Post-Configuration Checklist
- Non-main agents use least-privilege tool access (profile or explicit allow)
- Exec security configured appropriately (
host,security,ask) - No interpreter binaries (
python3,node,bash) intools.exec.safeBins - Plugin tools explicitly opted in via
alsoAllowwhere needed - Provider-specific restrictions set for less capable models if applicable
- Configuration applied and verified
安全使用建议
This skill is coherent: it tells an agent how to configure tool and exec policies and how to apply them via the gateway or by editing ~/.openclaw/openclaw.json. Before installing or running it, verify: (1) who/what has permission to call the gateway tool (it can make global changes); (2) back up ~/.openclaw/openclaw.json and test changes on a non-production agent first; (3) restrict invocation to authorized users/agents (the skill can affect many agents); (4) confirm that any gateway-issued config.patch will be audited and reversible; and (5) consider asking the skill author to declare the config path and required privileges in the metadata so you can review them automatically. If you cannot limit who can invoke the gateway or cannot audit changes, treat this skill with caution.
功能分析
Type: OpenClaw Skill
Name: configure-tools
Version: 1.0.0
The skill bundle provides legitimate instructions and configuration templates for managing tool access and execution security within the OpenClaw framework. It promotes security best practices such as least-privilege access, sandboxing, and explicit approval workflows, with no evidence of malicious intent or data exfiltration logic in SKILL.md or _meta.json.
能力评估
Purpose & Capability
Name/description align with the instructions: the SKILL.md describes configuring tool policies, exec security, profiles, and using the gateway to apply patches. The required capabilities (editing openclaw.json or calling gateway) are consistent with the stated purpose.
Instruction Scope
The instructions explicitly reference editing ~/.openclaw/openclaw.json and using the gateway tool (config.patch). The skill metadata did not declare that it would touch or require that config path. Editing global per-agent or global tool policies is high-impact and the SKILL.md gives no guidance about authorization checks or safeguards beyond a checklist.
Install Mechanism
Instruction-only skill with no install spec and no code files — no additional software is downloaded or executed by the skill itself.
Credentials
No environment variables, credentials, or external services are requested. However, the runtime assumes the agent has access to the gateway tool and the filesystem path for ~/.openclaw/openclaw.json; those implicit privileges are not declared in metadata.
Persistence & Privilege
The skill's recommended actions modify persistent configuration (global or per-agent openclaw.json) and can change tool access for multiple agents. This is coherent with its purpose but is a privileged action; the SKILL.md does not require or describe explicit authorization or audit steps prior to applying changes.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install configure-tools - 安装完成后,直接呼叫该 Skill 的名称或使用
/configure-tools触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of configure-tools skill.
- Enables configuration of OpenClaw tool policies, per-agent tool restrictions, and exec security options.
- Supports global, agent-specific, and provider/model-specific tool access rules using profiles or custom allow/deny lists.
- Provides guidance on exec (shell command) security with sandbox, gateway, and approval options.
- Documents use of tool groups, plugin tool enablement, and additive allowlists.
- Includes a clear decision flow and a post-configuration checklist for safer, least-privilege setups.
元数据
常见问题
Configure Tools 是什么?
Configure OpenClaw tool policies, exec security, and per-agent tool restrictions. Use when asked to set up tool access for an agent, restrict tools, configur... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 236 次。
如何安装 Configure Tools?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install configure-tools」即可一键安装,无需额外配置。
Configure Tools 是免费的吗?
是的,Configure Tools 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Configure Tools 支持哪些平台?
Configure Tools 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Configure Tools?
由 Karl Varga(@kjvarga)开发并维护,当前版本 v1.0.0。
推荐 Skills