← 返回 Skills 市场
466
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install openclaw-sacred-rules
功能描述
Provides essential safety rules and tools for managing OpenClaw configs, backups, auth troubleshooting, and recovery to prevent system failures.
安全使用建议
Before installing or running this skill: (1) Review and fix the reset_cooldowns.sh embedded Python: it hardcodes '/Users/admin/...' which is inconsistent with the shell AUTH_FILE ($HOME) and can cause modifying the wrong file — correct it to use the same $AUTH_FILE path. (2) Recognize these scripts will read/copy/modify sensitive files (~/.openclaw/.env and auth-profiles.json). Only run them on a trusted machine, never as root, and ensure backup directories are private and/or encrypted. (3) Confirm the backup flow: safe_backup.sh copies .env and auth-profiles.json into $HOME/openclaw-backups — ensure that directory has restrictive permissions (700) to avoid leaking secrets. (4) If you do not trust the source, don't run the scripts; instead manually inspect and adapt them (especially remove or correct the hardcoded path and add explicit permission/ownership checks). (5) Ask the publisher or maintainer for clarification of required file/permission access and for a signed canonical source; prefer a skill that declares the exact sensitive files it touches and documents backup storage protections. If you want, I can produce a corrected version of reset_cooldowns.sh (and its Python block) that consistently uses $HOME and adds safety checks and permission-locking for the backup directory.
功能分析
Type: OpenClaw Skill
Name: openclaw-sacred-rules
Version: 1.0.0
The skill bundle aims to provide safety rules and recovery procedures for OpenClaw configuration, which is a benign purpose. However, the `scripts/reset_cooldowns.sh` script contains a hardcoded absolute path (`/Users/admin/.openclaw/...`) for a critical configuration file, making it non-portable and prone to failure on systems where the user's home directory is different. Similarly, a Python snippet in `references/recovery.md` uses an unexpanded `$HOME` variable within a string, which would also lead to execution failure. These are significant functional vulnerabilities in critical recovery scripts, classifying the bundle as suspicious due to potential operational failures rather than malicious intent.
能力评估
Purpose & Capability
The name/description match the actual scripts: they validate configs, create backups, check auth status, and reset cooldowns. However the manifest declares no required environment or filesystem access while the scripts clearly operate on sensitive OpenClaw files under $HOME/.openclaw (openclaw.json, .env, auth-profiles.json). That mismatch (no declared sensitive access but actual file operations) is unexpected and should be clarified.
Instruction Scope
SKILL.md repeatedly warns 'Never directly read auth-profiles.json' yet scripts (safe_backup.sh and reset_cooldowns.sh) copy and, in the case of reset_cooldowns, parse and modify auth-profiles.json. reset_cooldowns.sh backs up a path using $HOME but the embedded Python uses a hardcoded '/Users/admin/...' path, meaning the script will back up one file and modify another — an incoherence that can result in unexpected modifications or failures. The scripts also copy ~/.openclaw/.env (which contains secrets) to a backup dir; the SKILL.md does not discuss backup protection or permissions.
Install Mechanism
No install spec or external downloads — the skill is instruction-only and provides local scripts. This is lower risk than fetching remote binaries. Still, provided scripts will be written to disk as part of the skill bundle, so they should be audited (as done here).
Credentials
The registry metadata declares no required environment variables or credentials, but the scripts expect and source ~/.openclaw/.env and operate on auth-profiles.json (containing API keys and passwords). Backing up and copying .env and auth-profiles.json is a legitimate need for a backup/recovery tool, but the skill should have explicitly declared that it requires access to these sensitive files and should describe how backups are protected (permissions/encryption).
Persistence & Privilege
always:false and no automatic persistence is requested. The skill does modify OpenClaw files when you run its scripts (intended behavior for a recovery tool) but it does not ask for global/always-on privileges or attempt to change other skills' configurations. The risk is limited to the actions of these scripts when invoked.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install openclaw-sacred-rules - 安装完成后,直接呼叫该 Skill 的名称或使用
/openclaw-sacred-rules触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
OpenClaw Sacred Rules v1.0.0 – Initial release.
- Introduces 8 essential safety rules to prevent OpenClaw system/configuration disasters.
- Provides best practices for handling backups, configuration edits, sandbox mode, and authentication.
- Includes scripts for safe backup, cooldown reset, config validation, and auth troubleshooting.
- Offers references for recovery and reinforces using only approved scripts/commands for interacting with sensitive files.
- Designed as a quick-access guide for anyone configuring or maintaining OpenClaw systems.
元数据
常见问题
OpenClaw Sacred Rules 是什么?
Provides essential safety rules and tools for managing OpenClaw configs, backups, auth troubleshooting, and recovery to prevent system failures. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 466 次。
如何安装 OpenClaw Sacred Rules?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install openclaw-sacred-rules」即可一键安装,无需额外配置。
OpenClaw Sacred Rules 是免费的吗?
是的,OpenClaw Sacred Rules 完全免费(开源免费),可自由下载、安装和使用。
OpenClaw Sacred Rules 支持哪些平台?
OpenClaw Sacred Rules 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 OpenClaw Sacred Rules?
由 AgentUnc(@jayrizz)开发并维护,当前版本 v1.0.0。
推荐 Skills