OpenClaw logo
OpenClaw Skills
skills$openclaw/config-guardian
abdhilabs8.4k

by abdhilabs

config-guardian – OpenClaw Skill

config-guardian is an OpenClaw Skills integration for ai ml workflows. Validate and safeguard OpenClaw config updates (openclaw.json or openclaw config set/apply). Use this skill whenever changing gateway config, models, channels, agents, tools, sessions, or routing. Enforces backup, schema validation, and safe rollback before restarts.

8.4k stars3.7k forksSecurity L1
Updated Feb 7, 2026Created Feb 7, 2026ai ml

Skill Snapshot

nameconfig-guardian
descriptionValidate and safeguard OpenClaw config updates (openclaw.json or openclaw config set/apply). Use this skill whenever changing gateway config, models, channels, agents, tools, sessions, or routing. Enforces backup, schema validation, and safe rollback before restarts. OpenClaw Skills integration.
ownerabdhilabs
repositoryabdhilabs/config-guardian
languageMarkdown
licenseMIT
topics
securityL1
installopenclaw add @abdhilabs/config-guardian
last updatedFeb 7, 2026

Maintainer

abdhilabs

abdhilabs

Maintains config-guardian in the OpenClaw Skills directory.

View GitHub profile
File Explorer
7 files
.
scripts
backup_config.sh
286 B
diff_config.sh
206 B
restore_config.sh
243 B
validate_config.sh
1.8 KB
_meta.json
285 B
SKILL.md
2.0 KB
SKILL.md

name: config-guardian description: Validate and safeguard OpenClaw config updates (openclaw.json or openclaw config set/apply). Use this skill whenever changing gateway config, models, channels, agents, tools, sessions, or routing. Enforces backup, schema validation, and safe rollback before restarts.

Config Guardian

Overview

Use this workflow whenever editing ~/.openclaw/openclaw.json or running openclaw config set/apply. It prevents invalid config, creates backups, validates against schema, and enables rollback.

Workflow (use every time)

  1. Preflight

    • Confirm the requested change and scope.
    • Check for sensitive keys (tokens, credentials).

  2. Backup

    • Run scripts/backup_config.sh to create a timestamped snapshot.

  3. Validate (before change)

    • Run scripts/validate_config.sh.
    • If validation fails, stop and report.

  4. Apply change

    • Prefer openclaw config set <path> <value> for small changes.
    • For complex edits, edit the file directly and keep diffs minimal.

  5. Validate (after change)

    • Run scripts/validate_config.sh again.
    • If it fails, restore from backup with scripts/restore_config.sh.

  6. Restart (only with explicit approval)

    • If change requires restart, ask for approval first.
    • Use openclaw gateway restart.

Guardrails

  • Never restart or apply config without explicit user approval.
  • Never remove keys or reorder blocks unless requested.
  • Always keep a backup before edits.
  • If unsure about schema: run openclaw doctor --non-interactive and stop on errors.

Scripts

  • scripts/backup_config.sh — create timestamped backup
  • scripts/validate_config.sh — validate config via OpenClaw doctor
  • scripts/diff_config.sh — diff current config vs backup
  • scripts/restore_config.sh — restore backup

Validation

  • Use openclaw doctor --non-interactive for schema validation
  • This checks against the actual schema that the gateway uses
  • Warns about unknown keys, invalid types, and security issues
README.md

No README available.

Permissions & Security

Security level L1: Low-risk skills with minimal permissions. Review inputs and outputs before running in production.

Requirements

  • OpenClaw CLI installed and configured.
  • Language: Markdown
  • License: MIT
  • Topics:

Configuration

## Overview Use this workflow whenever editing `~/.openclaw/openclaw.json` or running `openclaw config set/apply`. It prevents invalid config, creates backups, validates against schema, and enables rollback. ## Workflow (use every time) 1. **Preflight** - Confirm the requested change and scope. - Check for sensitive keys (tokens, credentials). 2. **Backup** - Run `scripts/backup_config.sh` to create a timestamped snapshot. 3. **Validate (before change)** - Run `scripts/validate_config.sh`. - If validation fails, stop and report. 4. **Apply change** - Prefer `openclaw config set <path> <value>` for small changes. - For complex edits, edit the file directly and keep diffs minimal. 5. **Validate (after change)** - Run `scripts/validate_config.sh` again. - If it fails, restore from backup with `scripts/restore_config.sh`. 6. **Restart (only with explicit approval)** - If change requires restart, ask for approval first. - Use `openclaw gateway restart`. ## Guardrails - **Never** restart or apply config without explicit user approval. - **Never** remove keys or reorder blocks unless requested. - **Always** keep a backup before edits. - If unsure about schema: run `openclaw doctor --non-interactive` and stop on errors. ## Scripts - `scripts/backup_config.sh` — create timestamped backup - `scripts/validate_config.sh` — validate config via OpenClaw doctor - `scripts/diff_config.sh` — diff current config vs backup - `scripts/restore_config.sh` — restore backup ## Validation - Use `openclaw doctor --non-interactive` for schema validation - This checks against the actual schema that the gateway uses - Warns about unknown keys, invalid types, and security issues

FAQ

How do I install config-guardian?

Run openclaw add @abdhilabs/config-guardian in your terminal. This installs config-guardian into your OpenClaw Skills catalog.

Does this skill run locally or in the cloud?

OpenClaw Skills execute locally by default. Review the SKILL.md and permissions before running any skill.

Where can I verify the source code?

The source repository is available at https://github.com/openclaw/skills/tree/main/skills/abdhilabs/config-guardian. Review commits and README documentation before installing.