← 返回 Skills 市场
322
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install continuous-openclaw-config-guard
功能描述
Monitors openclaw.json for changes, backs up before edits, restarts gateway, and auto-rolls back if no message received within a configurable timeout.
使用说明 (SKILL.md)
OpenClaw 配置回滚守护
适用且测试过linux系统。
功能
- 监控配置文件 - 持续监控
~/.openclaw/openclaw.json - 自动备份 - 配置修改前自动创建备份
- 自动重启网关 - 配置修改后自动重启网关
- 消息验证 - 一段时间内未收到消息则自动回滚
- 自动恢复 - 回滚后自动重启网关
文件结构
~/.openclaw/workspace/skills/continuous-openclaw-config-guard/
├── scripts/
├── guard.sh # 守护脚本(核心)
└── continuous-openclaw-config-guard.service.txt # systemd 服务文件
├── SKILL.md # 本说明文件
├── guard.log # 运行日志
├── guard.pid # 进程ID文件
└── backups/ # 备份目录
├── openclaw.json.20250310160000
├── openclaw.json.20250310160500
└── openclaw.json.rollback.20250310161000
环境变量
可以通过环境变量自定义配置。
必须修改的变量
| 变量 | 默认值 | 说明 | 为什么需要修改 |
|---|---|---|---|
SESSION_FILE |
~/.openclaw/agents/huoxiaoxing/sessions/sessions.json |
会话文件路径 | 必须修改! 默认值中的 huoxiaoxing 是开发者的 agent 名称,其他用户需要改成自己的 agent 名称才能正确检测消息活动 |
通常不需要修改的变量
如果你的 OpenClaw 安装路径或者agent的工作空间不同,需要修改以下变量。
| 变量 | 默认值 | 说明 |
|---|---|---|
CONFIG_FILE |
~/.openclaw/openclaw.json |
要监控的配置文件 |
BACKUP_DIR |
~/.openclaw/workspace/skills/continuous-openclaw-config-guard/backups |
备份存放目录 |
LOG_FILE |
~/.openclaw/workspace/skills/continuous-openclaw-config-guard/guard.log |
日志文件路径 |
PID_FILE |
~/.openclaw/workspace/skills/continuous-openclaw-config-guard/guard.pid |
PID文件路径 |
OPENCLAW_BIN |
~/.npm-global/bin/openclaw |
OpenClaw 可执行文件 |
WAIT_TIME |
300 |
等待验证时间(秒) |
CHECK_INTERVAL |
10 |
检查间隔(秒) |
使用环境变量示例
# 修改 SESSION_FILE(必须!)
SESSION_FILE=~/.openclaw/agents/your-agent-name/sessions/sessions.json ~/.openclaw/workspace/skills/continuous-openclaw-config-guard/scripts/guard.sh -s
# 监控不同的配置文件
CONFIG_FILE=/path/to/custom.json ~/.openclaw/workspace/skills/continuous-openclaw-config-guard/scripts/guard.sh -s
# 自定义等待时间(600秒=10分钟)
WAIT_TIME=600 ~/.openclaw/workspace/skills/continuous-openclaw-config-guard/scripts/guard.sh -s
# 修改 OpenClaw 命令路径(如果安装位置不同)
OPENCLAW_BIN=/path/to/your/openclaw.bash ~/.openclaw/workspace/skills/continuous-openclaw-config-guard/scripts/guard.sh -s
# 组合使用
SESSION_FILE=~/.openclaw/agents/your-agent/sessions/sessions.json WAIT_TIME=600 ~/.openclaw/workspace/skills/continuous-openclaw-config-guard/scripts/guard.sh -s
使用方法
方式一:systemd 服务(推荐)
作为系统服务运行,开机自启,崩溃自动重启。systemd 只管理守护进程的启动/停止,其他操作(回滚、列备份等)直接用手动命令。
修改服务文件
使用前必须修改 continuous-openclaw-config-guard.service.txt 中的以下内容:
- ExecStart/ExecStop 路径 - 改为你的实际安装路径
- User - 改为你的用户名
- WorkingDirectory - 改为你的实际安装路径
- 环境变量 - 特别是
SESSION_FILE中的 agent 名称
[Service]
ExecStart=/你的/实际/路径/scripts/guard.sh -s
ExecStop=/你的/实际/路径/scripts/guard.sh -k
User=你的用户名
WorkingDirectory=/你的/实际/路径
Environment="SESSION_FILE=/home/你的用户名/.openclaw/agents/你的agent名/sessions/sessions.json"
安装服务
# 1.添加脚本执行权限
chmod +x ~/.openclaw/workspace/skills/continuous-openclaw-config-guard/scripts/guard.sh
# 2. 先编辑服务文件,修改上述内容
nano ~/.openclaw/workspace/skills/continuous-openclaw-config-guard/scripts/continuous-openclaw-config-guard.service.txt
# 3. 复制服务文件到 systemd 目录
sudo cp ~/.openclaw/workspace/skills/continuous-openclaw-config-guard/scripts/continuous-openclaw-config-guard.service.txt /etc/systemd/system/continuous-openclaw-config-guard.service
# 4. 重新加载 systemd
sudo systemctl daemon-reload
# 5. 启动服务
sudo systemctl start continuous-openclaw-config-guard
# 6. 查看状态
sudo systemctl status continuous-openclaw-config-guard
# 7. 开机自启(可选)
sudo systemctl enable continuous-openclaw-config-guard
管理服务(仅启动/停止/重启)
# 启动守护进程
sudo systemctl start continuous-openclaw-config-guard
# 停止守护进程
sudo systemctl stop continuous-openclaw-config-guard
# 重启守护进程
sudo systemctl restart continuous-openclaw-config-guard
# 查看日志
sudo journalctl -u continuous-openclaw-config-guard -f
# 查看所有日志
sudo journalctl -u continuous-openclaw-config-guard
其他操作(直接用手动命令)
即使使用 systemd,以下命令仍然可以直接使用:
# 立即回滚到最新备份并重启网关
~/.openclaw/workspace/skills/continuous-openclaw-config-guard/scripts/guard.sh -r
# 列出所有备份(带备注)
~/.openclaw/workspace/skills/continuous-openclaw-config-guard/scripts/guard.sh -l
# 查看帮助
~/.openclaw/workspace/skills/continuous-openclaw-config-guard/scripts/guard.sh -h
方式二:手动运行
适合临时测试或不使用 systemd 的系统。所有操作都通过脚本命令完成。
启动守护(后台运行)
~/.openclaw/workspace/skills/continuous-openclaw-config-guard/scripts/guard.sh -s
启动守护,自定义等待时间(10分钟)
~/.openclaw/workspace/skills/continuous-openclaw-config-guard/scripts/guard.sh -s -w 600
停止守护
~/.openclaw/workspace/skills/continuous-openclaw-config-guard/scripts/guard.sh -k
立即回滚到最新备份并重启网关
~/.openclaw/workspace/skills/continuous-openclaw-config-guard/scripts/guard.sh -r
列出所有备份(带备注)
~/.openclaw/workspace/skills/continuous-openclaw-config-guard/scripts/guard.sh -l
查看帮助
~/.openclaw/workspace/skills/continuous-openclaw-config-guard/scripts/guard.sh -h
完整工作流程
1. 守护进程启动
↓
2. 创建初始备份(若无备份)
↓
3. 持续监控 openclaw.json 修改时间
↓ 检测到修改
4. 重启网关
↓
┌──────┴──────┐
│ 重启成功? │
├──────┬──────┤
│ 是 │ 否 │
↓ ↓ │
5. 开始计时 6. 立即回滚 ←┘
等待消息验证 并重启网关
(WAIT_TIME) ↓
↓ └─────┐
┌──────┴──────┐ │
│ │ │
收到消息 超时 │
│ │ │
验证成功 验证失败 │
│ │ │
创建新备份 回滚配置 │
(作为新基准) 并重启网关 │
↓ ↓ │
└─────┬───────┘ │
↓ │
返回步骤3,继续监控────┘
备份说明
- 备份时机:守护进程启动时创建初始备份,配置被修改且验证成功后自动备份
- 备份内容:成功运行的配置文件
- 备份命名:
openclaw.json.YYYYMMDDHHMMSS - 回滚记录:回滚时会保存当前配置为
openclaw.json.rollback.YYYYMMDDHHMMSS
日志查看
systemd 方式(推荐)
# 实时查看日志
sudo journalctl -u continuous-openclaw-config-guard -f
# 查看最近100行
sudo journalctl -u continuous-openclaw-config-guard -n 100
# 查看今天所有日志
sudo journalctl -u continuous-openclaw-config-guard --since today
# 查看完整日志
sudo journalctl -u continuous-openclaw-config-guard
手动运行方式
# 实时查看日志
tail -f ~/.openclaw/workspace/skills/continuous-openclaw-config-guard/guard.log
# 查看最近100行
tail -100 ~/.openclaw/workspace/skills/continuous-openclaw-config-guard/guard.log
# 搜索关键词
grep "回滚" ~/.openclaw/workspace/skills/continuous-openclaw-config-guard/guard.log
注意事项
- 首次启动会自动创建初始备份
- 每次成功验证后会创建新的基准备份
- 回滚时会自动重启网关,无需手动操作
- 使用 systemd 时,日志由 journald 管理;手动运行时,日志写入
guard.log - 修改环境变量后,需要重启服务生效:
sudo systemctl restart continuous-openclaw-config-guard - SESSION_FILE 必须正确设置,否则无法检测消息活动,会导致配置修改后总是回滚
故障排查
服务无法启动
# 查看详细错误信息
sudo systemctl status continuous-openclaw-config-guard
# 查看启动日志
sudo journalctl -u continuous-openclaw-config-guard -n 50
检查脚本权限
chmod +x ~/.openclaw/workspace/skills/continuous-openclaw-config-guard/scripts/guard.sh
手动测试脚本
# 先手动运行测试,确认脚本正常
~/.openclaw/workspace/skills/continuous-openclaw-config-guard/scripts/guard.sh -h
无法顺利执行
仔细检查scripts文件夹下guard.sh和continuous-openclaw-config-guard.service.txt的各个参数特别是环境变量,确保配置与你的实际环境一致。
安全使用建议
Do not install or enable this service until you review and edit the script and service file. Specifically:
- Change SESSION_FILE to point to your own agent/session file (SKILL.md repeatedly warns this is required). The metadata failing to declare SESSION_FILE is an omission—treat it as required.
- Replace the hard-coded --account huoxiaoxing and the Matrix target (!HwJBqEut...:matrix.local) with your own account/target or remove the message-send lines if you do not want external notifications. The script currently sends status messages to an external Matrix ID using the developer's account—this is the main unexpected network communication.
- Verify OPENCLAW_BIN is correct for your system and test the restart/status commands manually before letting the script restart your gateway automatically.
- Inspect and control permissions for the backups and log files (they may contain config or sensitive metadata). Ensure backups are stored where you trust them.
- Test the script manually in a safe environment (non-production) and run it without installing systemd first. Only copy the service file to /etc/systemd/system after modifying the User, ExecStart/Stop, WorkingDirectory, and Environment entries.
- If you lack confidence in the external notifications, remove or disable the message-send calls and rely on local logging/emailing to a destination you control. Given the metadata omissions and hard-coded external account, exercise caution and prefer manual testing.
功能分析
Type: OpenClaw Skill
Name: continuous-openclaw-config-guard
Version: 1.0.1
The skill bundle provides a configuration monitoring and rollback service for OpenClaw, but it contains hardcoded notification logic in `scripts/guard.sh` that sends status updates to a specific Matrix room (`!HwJBqEutNMXtWGuTAa:matrix.local`) using a hardcoded account name (`huoxiaoxing`). While the `SKILL.md` documentation instructs users to modify certain environment variables, the Matrix notification target is not parameterized, meaning the script will attempt to send telemetry about the user's configuration changes to the developer's endpoint by default. Additionally, the systemd service file contains hardcoded absolute paths and user-specific environment variables that require manual cleanup to function correctly.
能力评估
Purpose & Capability
The skill's stated purpose (monitor openclaw.json, backup, restart, rollback) aligns with the provided script. However the registry metadata lists no required environment variables or credentials, while SKILL.md and the script require a SESSION_FILE and expect an OpenClaw binary path. The omission of these required configuration items from metadata is an incoherence.
Instruction Scope
The runtime instructions (and included guard.sh) do more than file-watching: they read ~/.openclaw openclaw.json and a SESSION_FILE to detect message activity, write backups and logs, restart the gateway via an OpenClaw binary, and send status messages to a hard-coded Matrix ID. The external notifications and hard-coded account (--account huoxiaoxing) are outside what a minimal 'config guard' would need and constitute unexpected external communications.
Install Mechanism
This is an instruction-only skill with included scripts (no download/install spec). Installation requires copying a service file into /etc/systemd/system (requires sudo) and marking the script executable—normal for a persistent daemon but it gives the script persistent presence on the system once installed.
Credentials
Although the registry lists no required env vars/credentials, SKILL.md and guard.sh require and reference SESSION_FILE, OPENCLAW_BIN, and other env vars. The script also hard-codes an agent/account name ('huoxiaoxing') and a Matrix target (!HwJBqEut...:matrix.local) for outbound messages. Requesting no declared credentials but performing outbound network notifications (using someone else's account/target) is disproportionate and unexpected.
Persistence & Privilege
The skill does not set always:true and is user-invocable. If installed as instructed, it becomes a systemd-managed persistent service (auto-restarting) running as the configured User. That persistence is normal for a daemon but combined with the above issues increases potential blast radius if misconfigured.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install continuous-openclaw-config-guard - 安装完成后,直接呼叫该 Skill 的名称或使用
/continuous-openclaw-config-guard触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
- No code or documentation changes in this release.
- Version bumped to 1.0.1 with no changes detected.
v1.0.0
Initial release of continuous-openclaw-config-guard.
- Provides automated backup and rollback for OpenClaw configuration changes.
- Monitors openclaw.json for edits, creating backups prior to changes.
- Restarts the OpenClaw gateway after each configuration change.
- Monitors message activity and automatically rolls back changes if no messages are detected within a configurable timeout (default: 5 minutes).
- Offers configurable environment variables for file locations and timeout settings.
- Includes systemd service support for persistent and robust guard operation.
元数据
常见问题
continuous-openclaw-config-guard 是什么?
Monitors openclaw.json for changes, backs up before edits, restarts gateway, and auto-rolls back if no message received within a configurable timeout. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 322 次。
如何安装 continuous-openclaw-config-guard?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install continuous-openclaw-config-guard」即可一键安装,无需额外配置。
continuous-openclaw-config-guard 是免费的吗?
是的,continuous-openclaw-config-guard 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
continuous-openclaw-config-guard 支持哪些平台?
continuous-openclaw-config-guard 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 continuous-openclaw-config-guard?
由 货又星(@cxlhyx)开发并维护,当前版本 v1.0.1。
推荐 Skills