openclaw-config-guard

Audit and safely repair OpenClaw configuration with deterministic validation, backups, rollback, and change reporting. Use when asked to review or modify `openclaw.json`, check whether OpenClaw can still start, safely fix startup-blocking config errors, or audit OpenClaw config before deciding on changes.

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "openclaw-config-guard" with this command: npx skills add soal2/openclaw-config-guard

OpenClaw Config Guard

Audit first. Repair only when the fix is proven. Protect startup over aesthetics.

Required Sources

Before making any judgment, open the official docs listed in references/official-sources.md. Treat them as the source of truth for schema, allowed values, and repair guidance. Do not rely on memory for config rules.

Workflow

  1. Resolve the active config path:
python3 "<skill-dir>/scripts/config_guard.py" resolve-path --json

If that fails, fall back to ~/.openclaw/openclaw.json.

  1. Run a deterministic audit before touching the file:
python3 "<skill-dir>/scripts/config_guard.py" audit --doctor

This wraps:

  • openclaw config validate --json
  • optional openclaw doctor --non-interactive
  1. Classify findings:
  • startup blockers: JSON5 parse failures, schema validation failures, unknown keys, wrong types, invalid enum values, missing required structure, or clearly conflicting settings that prevent startup.
  • recommendations: suspicious but non-blocking items such as duplicate plugin IDs, stale-but-working config, style cleanup, or non-critical hardening suggestions.
  1. Decide whether you may auto-fix:
  • Only auto-fix if the issue is a startup blocker.
  • Only auto-fix if the docs or CLI output clearly show the correct repair.
  • Prefer openclaw config set / openclaw config unset for exact path edits.
  • Use manual JSON5 edits only when the CLI cannot express the required change and preserving comments or structure matters.
  • Never run openclaw doctor --fix by default.
  • Never restart OpenClaw by default.
  1. Backup before any write:
python3 "<skill-dir>/scripts/config_guard.py" backup --json
  1. Re-validate after any write:
python3 "<skill-dir>/scripts/config_guard.py" validate --doctor --json

If post-change validation fails, roll back immediately from the backup and say so in the report.

  1. Summarize what changed:
python3 "<skill-dir>/scripts/config_guard.py" diff --before /path/to/before --after /path/to/after --json

If you want a deterministic report frame, prepare a JSON manifest and run:

python3 "<skill-dir>/scripts/config_guard.py" report --manifest /path/to/manifest.json

<skill-dir> means the directory that contains this SKILL.md. Resolve relative paths against this skill directory instead of assuming any environment variable is set.

Decision Boundaries

  • Do not change non-blocking issues without user approval.
  • Do not guess undocumented keys or values.
  • Do not rewrite the whole config just to normalize formatting.
  • Do not claim success without rerunning validation.
  • Do not leave the user without a backup path, modified paths list, and post-change validation result.

Report Requirements

The final Markdown report must include:

  • official sources consulted
  • active config path
  • pre-change validation result
  • startup blockers found
  • automatic fixes applied
  • issues intentionally not auto-fixed and why
  • non-blocking recommendations for user decision
  • modified config paths
  • backup path
  • post-change validation result
  • whether manual restart is needed, and why

Resources

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open Registry RecordOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Security

Code Review Inspector

Automated code review checking for bugs, security issues, best practices, performance problems, and code style

Registry SourceRecently Updated
330michaelatamuk
Security

agent-bom runtime

AI runtime security monitoring — context graph analysis, runtime audit log correlation with CVE findings, and vulnerability analytics queries. Use when the u...

Registry SourceRecently Updated
7870msaad00
Security

agent-bom scan

Open security scanner for agentic infrastructure — agents, MCP, packages, blast radius, runtime, and trust for package CVEs (OSV, NVD, EPSS, KEV), container...

Registry SourceRecently Updated
7740msaad00
Security

agent-bom vulnerability intel

Use agent-bom to check package, SBOM, inventory, and agent dependency exposure against OSV, GitHub Security Advisories, NVD, EPSS, and CISA KEV with explicit...

Registry SourceRecently Updated
300msaad00