openclaw-safe-change-flow
Safe OpenClaw config change workflow with backup, minimal edits, validation, health checks, and rollback. Single-instance first; secondary instance optional.
About this skill
This skill provides a robust and automated workflow for safely modifying OpenClaw configurations. Its primary goal is to prevent service outages by enforcing a disciplined approach to changes, ensuring every modification is verifiable and reversible. The core process involves creating a timestamped backup before any edits, applying only necessary changes, and immediately validating the configuration and system health. In the event of a validation failure, the system automatically rolls back to the previous stable state, restoring the backup and restarting the gateway. Designed for AI agents, this skill establishes a default policy for OpenClaw config alterations, guiding agents to use the provided `safe-change.sh` script instead of direct, unvalidated edits. This structured approach is critical in production environments where system stability and uptime are paramount, allowing agents to perform maintenance with reduced risk. It empowers autonomous systems to manage sensitive configurations effectively and reliably. Beyond single-instance validation, an optional dual-instance enhancement allows for verification against a secondary OpenClaw instance. This is particularly valuable for high-availability setups where changes must not compromise redundancy. By integrating this skill, users can delegate configuration management tasks to AI agents with confidence, knowing that a comprehensive safety net is in place.
Best use case
The primary use case for `openclaw-safe-change-flow` is to enable AI agents to perform highly reliable and safe configuration updates for OpenClaw instances, particularly in critical production environments. DevOps engineers, system administrators, and developers benefit by delegating routine yet high-stakes configuration changes to an AI, ensuring that a rigorous process of backup, validation, and potential rollback is always followed, thereby minimizing human error and service disruptions.
Safe OpenClaw config change workflow with backup, minimal edits, validation, health checks, and rollback. Single-instance first; secondary instance optional.
A successfully applied OpenClaw configuration change that has been backed up, validated, and confirmed, or an automatic rollback to the previous stable state if validation fails.
Practical example
Example input
Create an edit script named `update_log.sh` to change OpenClaw's `log_level` to `INFO` in `~/.openclaw/openclaw.json`, then execute it safely using the `openclaw-safe-change-flow` skill.
Example output
OpenClaw configuration successfully updated to `log_level=INFO`, validated, and confirmed stable. Backup `~/.openclaw/openclaw.json.bak.safe-20231027-143000` created. Gateway restarted. No issues detected.
When to use this skill
- When an AI agent needs to modify `openclaw.json` or other OpenClaw configurations.
- When maintaining high availability and preventing outages during configuration updates is critical.
- When you need to ensure all OpenClaw changes are validated and reversible.
- When automating system maintenance tasks that involve OpenClaw configuration adjustments.
When not to use this skill
- When applying configuration changes to non-OpenClaw systems.
- When quick, unvalidated, and potentially risky changes are intentionally desired (though generally not recommended).
- When the OpenClaw instance is not mission-critical and direct, unmanaged edits are acceptable.
- When advanced, custom change management workflows outside the described scope are required.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/openclaw-safe-change-flow/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How openclaw-safe-change-flow Compares
| Feature / Agent | openclaw-safe-change-flow | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | easy | N/A |
Frequently Asked Questions
What does this skill do?
Safe OpenClaw config change workflow with backup, minimal edits, validation, health checks, and rollback. Single-instance first; secondary instance optional.
How difficult is it to install?
The installation complexity is rated as easy. You can find the installation instructions above.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
Related Guides
Top AI Agents for Productivity
See the top AI agent skills for productivity, workflow automation, operational systems, documentation, and everyday task execution.
AI Agents for Coding
Browse AI agent skills for coding, debugging, testing, refactoring, code review, and developer workflows across Claude, Cursor, and Codex.
Cursor vs Codex for AI Workflows
Compare Cursor and Codex for AI coding workflows, repository assistance, debugging, refactoring, and reusable developer skills.
SKILL.md Source
# OpenClaw Safe Change Flow Goal: **avoid outages, keep rollback ready, verify every change**. Use **single-instance** mode by default. Secondary-instance checks are optional. --- ## Scope ### Default (recommended): single instance - Main config: `~/.openclaw/openclaw.json` ### Optional (advanced): dual instance - Secondary config: `~/.openclaw-secondary/openclaw.json` (or your custom path) If you do not need high-availability validation, single-instance flow is enough. --- ## Required single-instance flow 1. **Backup first** - Create timestamped backup: `*.bak.safe-YYYYmmdd-HHMMSS` 2. **Make minimal edits** - Change only necessary keys 3. **Validate immediately** - Run: `openclaw status --deep` 4. **Auto rollback on failure** - Restore backup and restart gateway 5. **Confirm availability** - Verify channels/interfaces respond correctly --- ## Agent execution convention (default behavior) After this skill is installed, treat this as default policy for config changes: - **Default entrypoint:** run config changes through `safe-change.sh` - **Avoid direct edits + bare restart** - **If user explicitly asks to bypass:** allow it, but warn about risk Mental model: - Before: edit config directly - Now: create a small edit script and run `safe-change.sh --main-script ./edit-main.sh` --- ## Optional dual-instance enhancement On top of single-instance flow, you may also verify a secondary instance: - `OPENCLAW_HOME=<secondary-home> openclaw gateway health --url <secondary-url> --token "$SECONDARY_TOKEN"` - If either instance validation fails, rollback Use this only when change risk is high or HA checks are required. --- ## Automation script (v1.0.2+) This skill includes `safe-change.sh` to enforce: **backup → change → validate → rollback on failure** ### Recommended: single-instance usage ```bash cat > ./edit-main.sh <<'SH' #!/usr/bin/env bash python3 edit_main.py SH chmod +x ./edit-main.sh ./safe-change.sh --main-script ./edit-main.sh ``` ### Optional: dual-instance usage ```bash cat > ./edit-main.sh <<'SH' #!/usr/bin/env bash python3 edit_main.py SH chmod +x ./edit-main.sh cat > ./edit-secondary.sh <<'SH' #!/usr/bin/env bash python3 edit_secondary.py SH chmod +x ./edit-secondary.sh export SECONDARY_TOKEN="<your-secondary-token>" ./safe-change.sh \ --main-script ./edit-main.sh \ --secondary-script ./edit-secondary.sh ``` When secondary checks are enabled, set `SECONDARY_TOKEN` as an environment variable. --- ## Safety rules - Never hardcode tokens or secrets - Validate before announcing success - Restore service first, investigate later - Always keep a recent known-good backup in production --- ## Manual quick template (single instance) ```bash TS=$(date +%Y%m%d-%H%M%S) cp ~/.openclaw/openclaw.json ~/.openclaw/openclaw.json.bak.safe-$TS # ...apply minimal config edits... openclaw status --deep ``` If validation fails: ```bash cp ~/.openclaw/openclaw.json.bak.safe-$TS ~/.openclaw/openclaw.json openclaw gateway restart ```
Related Skills
OpenClaw Mastery — The Complete Agent Engineering & Operations System
> Built by AfrexAI — the team that runs 9+ production agents 24/7 on OpenClaw.
jqopenclaw-node-invoker
统一通过 Gateway 的 node.invoke 调用 JQOpenClawNode 能力(file.read、file.write、process.exec、process.manage、system.run、process.which、system.info、system.screenshot、system.notify、system.clipboard、system.input、node.selfUpdate)。当用户需要远程文件读写、文件移动/删除、目录创建/删除、进程管理(列表/搜索/终止)、远程进程执行、命令可执行性探测、系统信息采集、截图采集、系统弹窗、系统剪贴板读写、输入控制(鼠标/键盘)、节点自更新、节点命令可用性排查或修复 node.invoke 参数错误时使用。
botlearn-healthcheck
botlearn-healthcheck — BotLearn autonomous health inspector for OpenClaw instances across 5 domains (hardware, config, security, skills, autonomy); triggers on system check, health report, diagnostics, or scheduled heartbeat inspection.
Incident Postmortem Generator
Generate blameless incident postmortems from raw notes, Slack threads, or bullet points.
Post-Mortem & Incident Review Framework
Run structured post-mortems that actually prevent repeat failures. Blameless analysis, root cause identification, and action tracking.
afrexai-performance-engineering
Complete performance engineering system — profiling, optimization, load testing, capacity planning, and performance culture. Use when diagnosing slow applications, optimizing code/queries/infrastructure, load testing before launch, planning capacity, or building performance into CI/CD. Covers Node.js, Python, Go, Java, databases, APIs, and frontend.
Legacy System Modernization Engine
Complete methodology for assessing, planning, and executing legacy system modernization — from monolith decomposition to cloud migration. Works for any tech stack, any scale.
Incident Response Playbook
Structured incident response for business and IT teams. Guides you through detection, triage, containment, resolution, and post-mortem — with auto-generated timelines and action items.
Git Engineering & Repository Strategy
You are a Git Engineering expert. You help teams design branching strategies, implement code review workflows, manage monorepos, automate releases, and maintain healthy repository practices at scale.
Django Production Engineering
Complete methodology for building, scaling, and operating production Django applications. From project structure to deployment, security to performance — every decision framework a Django team needs.
IT Disaster Recovery Plan Generator
Build production-ready disaster recovery plans that actually get followed when things break.
afrexai-api-architect
Design, build, test, document, and secure production-grade APIs. Covers the full lifecycle from schema design through deployment, monitoring, and versioning. Use when designing new APIs, reviewing existing ones, generating OpenAPI specs, building test suites, or debugging production issues.