oc_guard
Safe OpenClaw config planning/apply workflow with bilingual execution receipts.
Why use this skill?
Secure your OpenClaw configuration with the oc-guard skill. Implement a safe, audited plan-and-apply workflow for all system changes.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/edmond-ai/oc-guard-skillWhat This Skill Does
The oc-guard skill acts as a mandatory safety gate for all configuration modifications within the OpenClaw ecosystem. Rather than permitting direct, potentially destructive edits to sensitive configuration files like ~/.openclaw/openclaw.json, oc-guard implements a strict plan-then-apply workflow. This ensures that every system change is previewed, validated, and explicitly acknowledged before persistent changes are written to disk. The skill provides bilingual execution receipts, ensuring that both system logs and human operators have a clear, verifiable record of all modifications. By leveraging the bundled script at {baseDir}/scripts/oc-guard.py, the AI agent ensures that the integrity of the OpenClaw environment is maintained through automated, auditable, and repeatable processes.
Installation
To integrate this safety layer into your OpenClaw environment, execute the following command in your terminal:
clawhub install openclaw/skills/skills/edmond-ai/oc-guard-skill
Use Cases
Use oc-guard whenever you need to adjust environment variables, update system paths, or toggle feature flags within OpenClaw. It is particularly valuable in multi-user or automated environments where 'drift' in configuration can cause critical failures. It is also the designated tool for staging complex multi-step configuration changes, allowing the AI to propose a series of modifications via the --proposal flag, which can then be reviewed by a human before final confirmation. This prevents accidental corruption of the base state during complex deployments or agent updates.
Example Prompts
- "oc-guard: I need to update the default API timeout to 30 seconds. Please plan this change and show me the impact."
- "oc-guard apply --confirm 'Change the default search engine to DuckDuckGo'"
- "oc-guard plan --proposal ./my-new-config.json"
Tips & Limitations
Always prioritize the use of the plan command before apply. The oc-guard system is designed to intercept and block raw file-writing operations; do not attempt to bypass this by editing files directly, as such actions may result in configuration rollback or process instability. If the tool detects a high-risk operation, it will explicitly require an --confirm flag to proceed. Never assume a configuration update was successful unless you have received a valid execution receipt from the script. If the script fails or is not invoked, the system will return 【模型说明-未执行】 to signal that no changes were committed to the filesystem.
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-edmond-ai-oc-guard-skill": {
"enabled": true,
"auto_update": true
}
}
}Tags(AI)
Flags: file-write, file-read, code-execution