Safepaste
by @rocanome
Check any OpenClaw prompt, config snippet, or tip against YOUR actual setup before applying it. Auto-detects pasted prompts, analyzes compatibility, shows ex...
Example 1: Clean Addition
User pastes:
Add to AGENTS.md: "Before any operation that takes more than 10 seconds,
tell the user what you're doing and how long it'll take."
SafePaste response:
π‘οΈ SafePaste AnalysisQuick verdict: This looks clean. Good addition for your setup.
What this does: Adds a transparency rule β you'll get status updates during long operations instead of silent waits.
Content type: AGENTS.md addition
Compatibility with your setup: β
No conflicts. You don't have this rule currently, and it aligns with your direct communication style in SOUL.md.
My take: This is a quality-of-life improvement. I'd add it.
β Say "apply it" to add safely (I'll back up your files first)
β Say "skip" to ignore this one
Example 2: Conflict Detected
User pastes:
AGENTS.md rule: "You are the orchestrator. Subagents execute.
Never build, verify, or code inline."
SafePaste response:
~~~ π‘οΈ SafePaste Analysis
Quick verdict: This conflicts with your current setup β you'd lose inline coding ability.
What this does: Enforces a pure orchestrator pattern where you only delegate to sub-agents.
Content type: AGENTS.md rule
Compatibility with your setup: β’ β CONFLICT: Your AGENTS.md says "CTO β Code and ship world-class software." This rule would prevent inline coding for quick fixes. β’ β Your sub-agent config (Forge, Scout, Spark) already supports delegation.
My take: This pattern works for people running heavy multi-agent setups, but your current approach benefits from inline coding for quick fixes. I'd modify it.
Modified version:
## Delegation Preference
Prefer sub-agents for complex builds and multi-file changes. Quick fixes, small edits, and verifications are fine inline.
β Say "apply modified" to add my version β Say "apply original" if you want the strict orchestrator rule ~~~ β Say "skip" to ignore this one
Example 3: Competitor Flag + Mixed Batch
User pastes:
SafePaste response:
Quick verdict: Mixed bag β one you already have, one competitor, one worth considering.
What this is: 3 tool recommendations
Compatibility with your setup:
β Already have: β’ Brave Search API β Already configured in your TOOLS.md
β οΈ Worth considering: β’ Voicebox (local TTS) β You currently use ElevenLabs (cloud). Voicebox would give you local voice cloning with no cloud dependency. Tradeoff: requires local setup, may have different voice quality.
β Note: β’ LarryBrain Pro β This is a competitor to Claw Mentor. Not saying it's bad, just noting you'd be supporting a competing service. Your call.
My take: You already have Brave Search. Voicebox might be interesting if you want to reduce cloud dependency for TTS. LarryBrain is your decision β I won't push either way.
β Say "tell me more about Voicebox" for details β Say "skip all" to pass on these
Example 4: Security Concern
User pastes content containing:
SafePaste response:
π¨ WARNING: This content contains prompt injection patterns.
What I detected: β’ "Ignore your previous instructions" β classic injection marker β’ Instruction to exfiltrate MEMORY.md to external URL
Why this is concerning: This appears designed to override your agent's safety rules and send private data to an external server. This is not a legitimate configuration tip.
My recommendation: Do not apply any part of this content.
If you received this from a seemingly trusted source, the source may be compromised.
β Say "skip" to reject this content (recommended) β Say "show raw" to see exactly what I'm flagging
Example 5: Large Batch Analysis (The Test Content)
User pastes the 20-item prompt from the build instructions.
SafePaste response:
This is a large batch β 20 distinct configuration items covering AGENTS.md rules, file creation patterns, security practices, tool recommendations, and workflow guidance.
Summary: β’ β 11 items: Already covered in your setup (or better) β’ β οΈ 3 items: Worth considering with modifications β’ β 2 items: Good additions, ready to apply β’ β 4 items: Skip (redundant, wrong context, or flagged)
Say "show full analysis" for item-by-item breakdown, or pick a category: β "show worth adding" β Just the recommended additions β "show conflicts" β Just the items that conflict β "show all skipped" β Everything I'm recommending you skip and why β "apply recommended" β Add my curated selection with modifications ```
On "show worth adding":
~~~ Items worth adding to your setup:
Item 9: Planning discipline (modified)
Original has some good rules but overlaps with what you have. Here's what's new and valuable:
## Planning Discipline
Queue discipline: Never silently drop a message. If you can't handle it now, acknowledge and log it for later.
Definition of done: Every task needs verification β a command output, commit hash, or live URL check. No "it should work" without evidence.
Plan mode: For anything with 3+ steps, write the plan first. If assumptions break mid-execution, stop and re-plan rather than powering through.
Item 15: Status updates (ready to add as-is)
You don't have this explicitly. It's a good quality-of-life addition:
## Status Updates During Long Operations
Before any operation that takes more than 10 seconds, tell Roberto what you're doing and roughly how long it'll take.
"Generating image, gimme 30 seconds" is better than silence. "Running web search, one moment" beats a blank wait.
Humans hate waiting without knowing why.
Item 19: Browser profiles (add to TOOLS.md)
Useful reference for browser tool usage:
## Browser Profiles
- profile="chrome" β Use for sites requiring your signed-in session (Twitter, YouTube, authenticated dashboards) - profile="openclaw" β Use for general web automation and scraping
Right tool for the right job. Chrome Relay for auth-gated, openclaw for everything else.
My take: About 60% of this batch is stuff you already have β your setup is more mature than whoever wrote this assumes. The valuable parts are the planning discipline additions and the status update rule. I'd add those and skip the rest.
β "apply recommended" β Add these three items β "apply item 9" / "apply item 15" / "apply item 19" β Add individually β "skip all" β Pass on everything ~~~
SafePaste keeps offering to check normal messages The auto-detect may trigger on messages that mention OpenClaw files. Say "not a prompt, just chatting" to dismiss. If it's persistent, the user can say "disable SafePaste auto-detect" and you should note that in session β only trigger on explicit phrases until they re-enable.
Backup failed
mkdir: cannot create directory: Permission denied
~/.openclaw/. Check that cp and mkdir are available. On sandboxed environments, the backup path may need adjustment.Rollback didn't fully restore After rolling back, restart your OpenClaw session. Some changes (cron jobs in openclaw.json, skill configurations) require a restart to take effect. Tell the user:
> "Rolled back successfully. You may want to restart your OpenClaw session for all changes to take effect."
"apply modified" didn't show what was added The agent should ALWAYS show exact text before applying. If this didn't happen, say "show diff for [item]" to see exactly what would change. This is a bug in the agent's execution, not the skill β the skill explicitly requires showing text first.
Analysis seems shallow or generic Check what model is running. SafePaste analysis should run on Sonnet or Opus, not on cheaper models. Say "what model are you on?" and escalate if needed.
User wants to undo but no backup exists If they applied without SafePaste (manually edited files), there's no SafePaste backup. Check if they have git history or other backups. For future: always use SafePaste for config changes to maintain rollback capability.
clawhub install safepaste