← 返回 Skills 市场
romainsantoli-web

Firm Config Migration Pack

作者 romainsantoli-web · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
308
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install firm-config-migration-pack
功能描述
Configuration migration and integrity audit pack. Shell env sanitization, plugin integrity, token separation, OTEL redaction, and RPC rate limiting. 5 migrat...
使用说明 (SKILL.md)

firm-config-migration-pack

⚠️ Contenu généré par IA — validation humaine requise avant utilisation.

Purpose

Validates configuration migration safety: shell environment sanitization (LD_PRELOAD, DYLD_*), plugin integrity via SHA-256 manifest verification, token separation enforcement, OpenTelemetry PII redaction, and RPC rate limiting.

Tools (5)

Tool Description Severity
openclaw_shell_env_check Shell environment sanitization (LD_/DYLD_) HIGH
openclaw_plugin_integrity_check Plugin SHA-256 manifest drift detection HIGH
openclaw_token_separation_check Token separation enforcement HIGH
openclaw_otel_redaction_check OTEL PII redaction validation MEDIUM
openclaw_rpc_rate_limit_check RPC rate limiting configuration MEDIUM

Usage

skills:
  - firm-config-migration-pack

# Audit configuration before migration:
openclaw_shell_env_check config_path=/path/to/config.json
openclaw_plugin_integrity_check config_path=/path/to/config.json

Requirements

  • mcp-openclaw-extensions >= 3.0.0
安全使用建议
This skill appears to describe legitimate configuration and integrity checks, but it is instruction-only and depends on an external extension (mcp-openclaw-extensions) that is not included or linked. Before installing or running: 1) Verify the source and publisher of mcp-openclaw-extensions and obtain its code or package from a trusted place; 2) Inspect the implementations of the named tools (openclaw_shell_env_check, openclaw_plugin_integrity_check, etc.) to confirm they only read the expected config/env paths and do not exfiltrate data; 3) Run the checks in a restricted/sandbox environment first and review logs/output for unexpected network activity; 4) Because the SKILL.md warns 'generated by AI — human validation required', perform a manual review of the logic, and ensure no secrets or tokens are transmitted to external endpoints; 5) If you cannot verify the dependency provenance or tool implementations, do not enable this skill in production environments.
功能分析
Type: OpenClaw Skill Name: firm-config-migration-pack Version: 1.0.0 The skill bundle describes a set of configuration migration and integrity audit tools, focusing on security checks like shell environment sanitization, plugin integrity, token separation, and OTEL PII redaction. All listed tools and their descriptions align with a legitimate security auditing purpose. There are no signs of data exfiltration, malicious execution, persistence, obfuscation, or prompt injection attempts against the AI agent. The instructions in SKILL.md are clear, descriptive, and consistent with the stated purpose, providing usage examples for the audit checks.
能力评估
Purpose & Capability
The name and description (config migration, env sanitization, plugin integrity, OTEL redaction, RPC rate-limiting) line up with the listed checks. The SKILL.md declares a dependency on mcp-openclaw-extensions >= 3.0.0 which plausibly provides the five named tools. However, the skill does not include the tools, binaries, or an install spec itself; it assumes an external extension is present. That dependency is reasonable but deserves verification (who publishes mcp-openclaw-extensions?).
Instruction Scope
The runtime instructions are short and scoped: examples call tools with a config_path argument (e.g., openclaw_shell_env_check config_path=/path/to/config.json). They do not explicitly instruct reading unrelated system files or contacting external endpoints. However, the checks (shell env sanitization, token separation, OTEL PII redaction) necessarily inspect environment variables and configuration files which can contain secrets or PII. Because the skill is instruction-only and delegates behavior to external tools, the precise actions depend entirely on those tools' implementations — which are not provided here.
Install Mechanism
No install spec and no code files (instruction-only) — lowest risk in terms of code being written by the skill itself. But the SKILL.md declares mcp-openclaw-extensions >= 3.0.0 as a required dependency without giving a source or install method. This means the agent must already have that extension or fetch it from elsewhere; the lack of provenance for that dependency is a concern and should be validated before use.
Credentials
The skill declares no required environment variables, yet several checks imply access to environment variables (LD_PRELOAD/DYLD_*, tokens, OTEL data) and to configuration files. Inspecting env/config is reasonable for its purpose, but those are sensitive data sources. The SKILL.md does not enumerate what environment or secrets it will read, nor how data is handled or whether external reporting occurs. That mismatch (no declared env access but implied sensitive reads) justifies caution.
Persistence & Privilege
always is false and there is no install that writes persistent agent-wide configuration. The skill does not request permanent presence or attempt to modify other skills' configs. Autonomous invocation is allowed (default) but that is normal and not a standalone concern here.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install firm-config-migration-pack
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /firm-config-migration-pack 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of firm-config-migration-pack. - Provides 5 tools for auditing configuration migrations: shell env sanitization, plugin integrity checks, token separation, OTEL PII redaction, and RPC rate limiting. - Ensures migration safety through automated checks and validations. - Requires mcp-openclaw-extensions >= 3.0.0. - Includes usage examples and tool descriptions with severity levels.
元数据
Slug firm-config-migration-pack
版本 1.0.0
许可证
累计安装 1
当前安装数 1
历史版本数 1
常见问题

Firm Config Migration Pack 是什么?

Configuration migration and integrity audit pack. Shell env sanitization, plugin integrity, token separation, OTEL redaction, and RPC rate limiting. 5 migrat... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 308 次。

如何安装 Firm Config Migration Pack?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install firm-config-migration-pack」即可一键安装,无需额外配置。

Firm Config Migration Pack 是免费的吗?

是的,Firm Config Migration Pack 完全免费(开源免费),可自由下载、安装和使用。

Firm Config Migration Pack 支持哪些平台?

Firm Config Migration Pack 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Firm Config Migration Pack?

由 romainsantoli-web(@romainsantoli-web)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论