Safely apply OpenClaw config changes with backup, automatic rollback on failure, health checks, and commands for patching, restoring, listing, diffing, valid...
Security Analysis
high confidenceThe skill is internally consistent with its stated purpose (safe OpenClaw config changes with backups and rollback); it modifies local OpenClaw config, creates backups, and may restart the gateway — behavior matches the documentation and code.
Name/README/SKILL.md all describe safe edits to an OpenClaw config and rollback behavior. The code operates on ~/.openclaw/openclaw.json (or cwd/openclaw.json), posts health-checks to localhost:18789, creates backups, writes files, and issues pgrep/kill commands to the gateway process — all coherent with a config-guard tool.
SKILL.md instructs installation via npm and shows CLI/programmatic usage that reads/writes ~/.openclaw/openclaw.json, manages backups in ~/.openclaw/config-backups/, and restarts the gateway. Those operations are expected for the tool, but the registry metadata did not declare any required config paths or filesystem access; the instructions explicitly require write access to ~/.openclaw which should be noted.
The skill bundle includes full source files but provides no install spec in the registry. SKILL.md instructs users to install via `npm install -g jasper-configguard` (which downloads code from the npm registry). No download-from-untrusted-URL or extraction steps are present in the manifest — risk is standard for installing an npm package; verify package provenance before global install.
No environment variables or secrets are requested. The code uses HOME to locate config paths and expects write access to those paths. It does not request or transmit credentials or contact external endpoints beyond the local gateway (http://localhost:18789).
The skill will modify local configuration files and attempt to restart the gateway using OS signals (pgrep/kill). That is an expected privilege for a config management tool but is a privileged action on the host — consider whether the agent runtime should be allowed to perform these operations automatically.
Guidance
This package appears to do what it says: it reads/writes your OpenClaw config (~/.openclaw/openclaw.json), stores backups in ~/.openclaw/config-backups/, and may restart the gateway process (pgrep/kill). Before installing or letting an agent invoke it autonomously, consider: (1) Verify the package source (npm name, repository, owner) and that you trust the publisher. (2) Back up your current config manually. (3) Run it in a non-production environment first (use --dry-run and --no-restart). (4) Ensure the agent/runtime has only the minimum permissions you are comfortable with — this tool needs filesystem write access and the ability to signal processes. (5) Note the minor metadata mismatch: the registry metadata lists no required config paths, but the tool expects ~/.openclaw; ensure path expectations match your deployment. If you want stricter control, require manual confirmation for patches or avoid enabling autonomous invocation for this skill.
Latest Release
v1.0.0
Initial release of jasper-configguard v1.0.0 - Safely apply configuration changes to OpenClaw with automatic backups and rollback on failure. - Includes health checks after service restarts; auto-restores previous config if OpenClaw fails to start. - Provides commands: patch (apply config), restore (from backup), list (backups), diff (preview changes), validate, and doctor (health check). - Supports dry-run for safe preview of configuration changes. - Agent and JavaScript API integration for automated config management.
More by @emberDesire
Published by @emberDesire on ClawHub
