openclaw-config-helper
Audited by Socket on Mar 9, 2026
1 alert found:
Obfuscated File

The skill is largely aligned with its stated purpose of guiding safe configuration changes through a documented, stepwise workflow. It emphasizes schema checks, documentation review, and user confirmation before applying changes, which is appropriate for configuration safety. However, certain aspects raise concerns: (1) explicit guidance to hardcode API keys in examples could encourage insecure practices; (2) the ability to execute powerful gateway config commands (config.patch/config.apply) introduces risk of misconfiguration or downtime if misused, though mitigated by mandatory confirmation; (3) the presence of remote doc fetching and external content introduces a potential, albeit low, surface for supply-chain or data exposure if automation evolves. Overall, the security risk is moderate (suspicious-to-minimal risk), primarily due to credential-handling guidance and the destructive potential of config-altering commands.