Issue Station
Sign In
Tools hereToolbox

openclaw - ✅(Solved) Fix [v1.4.9] skills.entries custom fields rejected by schema validation at runtime [1 pull requests, 2 comments, 3 participants]

Official PRs (…)
ON THIS PAGE

Recommended Tools

×6

Utilities matched from this issue’s tags and category — try them while you read without losing context.

GitHub issue graph ai analysis

Paste a GitHub issue URL. We fetch that issue, discover linked issues from bodies/comments/timeline, collect linked pull requests, and produce a structured English report.

The report is written in English Markdown for sharing and archival.

Helpful · Quick feedback

Loading…
GitHub stats
openclaw/openclaw#73939Fetched 2026-04-29 06:13:08
View on GitHub
Comments
2
Participants
3
Timeline
5
Reactions
0
Author
MarkMa84MarkMa84
Participants
brokemac79brokemac79clawsweeper[bot]clawsweeper[bot]MarkMa84MarkMa84
Timeline (top)
commented ×2cross-referenced ×1mentioned ×1subscribed ×1

Fix Action

Fix / Workaround

Steps to Reproduce

  1. openclaw.jsonskills.entries 下添加自定义字段,例如:
"skills": {
  "entries": {
    "kaiwu8": {
      "api_endpoint": "https://api.example.com",
      "user_api_key": "test_key"
    }
  }
}
  1. 调用 gateway config.patch 或通过 UI 保存
  2. Gateway 返回:reload-invalid-config,配置回滚到备份版本

Workaround:使用环境变量绕过(KAIWU8_API_ENDPOINT 等)。

PR fix notes

PR #74024: [AI-assisted] fix(config): allow custom skill entry fields

Description (problem / solution / changelog)

Summary

  • Problem: skills.entries.<id> rejected custom top-level fields, even though skill authors may need per-skill extension config.
  • Why it matters: users configuring custom skills can hit schema failures for valid skill-specific settings.
  • What changed: allow unknown top-level skill entry fields while keeping known fields like enabled, apiKey, env, and config typed and validated.
  • What did NOT change (scope boundary): plugin entry schema and nested config behavior are unchanged.

AI-assisted: yes, built with Codex. I understand the code changes and verified the focused regression locally.

Change Type (select all)

  • Bug fix
  • Feature
  • Refactor required for the fix
  • Docs
  • Security hardening
  • Chore/infra

Scope (select all touched areas)

  • Skills / tool execution
  • Gateway / orchestration
  • Auth / tokens
  • Memory / storage
  • Integrations
  • API / contracts
  • UI / DX
  • CI/CD / infra

Linked Issue/PR

  • Closes #73939
  • This PR fixes a bug or regression

Root Cause (if applicable)

  • Root cause: the skill entry config schema used .strict(), rejecting extension fields outside the generic config bucket.
  • Missing detection / guardrail: tests only covered custom fields under config, not top-level per-skill extension fields.
  • Contributing context (if known): N/A

Regression Test Plan (if applicable)

  • Coverage level that should have caught this:
    • Unit test
  • Target test or file: src/config/config.skills-entries-config.test.ts
  • Scenario the test should lock in: custom top-level fields are accepted, while known fields still validate with their strict types.
  • Why this is the smallest reliable guardrail: it exercises the public config schema directly.
  • Existing test that already covers this (if any): N/A
  • If no new test is added, why not: N/A

User-visible / Behavior Changes

Users can add custom top-level fields under skills.entries.<skill-id> without config schema rejection.

Diagram (if applicable)

N/A

Security Impact (required)

  • New permissions/capabilities? No
  • Secrets/tokens handling changed? No
  • New/changed network calls? No
  • Command/tool execution surface changed? No
  • Data access scope changed? No
  • If any Yes, explain risk + mitigation: N/A

Repro + Verification

Environment

  • OS: Windows
  • Runtime/container: local Node.js / pnpm workspace
  • Model/provider: N/A
  • Integration/channel (if any): N/A
  • Relevant config (redacted): N/A

Steps

  1. Configure skills.entries.custom-skill with a custom top-level field.
  2. Parse the config through OpenClawSchema.
  3. Confirm the custom field is accepted and known fields still reject invalid types.

Expected

  • Custom top-level skill entry fields are accepted.

Actual

  • Before this change, strict schema validation rejected them.

Evidence

  • Failing test/log before + passing after

Focused local validation:

node scripts/test-projects.mjs src/config/config.skills-entries-config.test.ts
Test Files  1 passed (1)
Tests       7 passed (7)

Human Verification (required)

  • Verified scenarios: focused config schema regression test; git diff --check before commit.
  • Edge cases checked: known enabled field still rejects non-boolean input.
  • What you did not verify: full repo pnpm test / pnpm check.

Review Conversations

  • I replied to or resolved every bot review conversation I addressed in this PR.
  • I left unresolved only the conversations that still need reviewer or maintainer judgment.

Compatibility / Migration

  • Backward compatible? Yes
  • Config/env changes? No
  • Migration needed? No
  • If yes, exact upgrade steps: N/A

Risks and Mitigations

  • Risk: allowing accidental typo fields under skill entries.
    • Mitigation: known fields remain strongly validated, and this mirrors the requested extension-config behavior for custom skill metadata.

Changed files

  • docs/tools/skills-config.md (modified, +5/-0)
  • src/config/config.skills-entries-config.test.ts (modified, +21/-4)
  • src/config/redact-snapshot.test.ts (modified, +28/-0)
  • src/config/types.skills.ts (modified, +1/-0)
  • src/config/zod-schema.ts (modified, +1/-1)

Code Example

"skills": {
  "entries": {
    "kaiwu8": {
      "api_endpoint": "https://api.example.com",
      "user_api_key": "test_key"
    }
  }
}
RAW_BUFFERClick to expand / collapse

Bug Description

skills.entries.<skill-name> 下自定义字段(如 apiKeyapi_endpoint)在 openclaw.json 写入时通过了 schema 校验,但在 Gateway reload 时被 runtime validation 拒绝,导致配置回滚到备份版本。

受影响场景

  • skills.entries.tavilyapiKey 字段
  • skills.entries.kaiwu8api_endpoint + user_api_key 字段

Schema 现状

  • skills.entries.* 定义为 type: object(宽松,接受任意键)
  • 但实际写入时 Gateway 返回 reload-invalid-config 警告
  • skills.entries.getnote 可以正常保存(同样是自定义字段)

Steps to Reproduce

  1. openclaw.jsonskills.entries 下添加自定义字段,例如:
"skills": {
  "entries": {
    "kaiwu8": {
      "api_endpoint": "https://api.example.com",
      "user_api_key": "test_key"
    }
  }
}
  1. 调用 gateway config.patch 或通过 UI 保存
  2. Gateway 返回:reload-invalid-config,配置回滚到备份版本

Expected Behavior

自定义 skill 配置字段应能正常保存到 skills.entries.<skill-name> 下,Gateway 成功 reload。

Actual Behavior

配置写入后触发 reload-invalid-config 警告,配置被回滚。自定义字段无法持久化。

Environment

  • OS: macOS 25.4.0 (arm64) / Windows
  • OpenClaw: 2026.4.9
  • Node: v25.9.0

Additional Context

Workaround:使用环境变量绕过(KAIWU8_API_ENDPOINT 等)。

症状

  • tavily skill 的 apiKey 无法写入 skills.entries.tavily
  • kaiwu8 skill 的 api_endpoint + user_api_key 无法写入 skills.entries.kaiwu8
  • getnote 可以正常保存(通过 plugins.entries 加载,而 kaiwu8/tavily 通过 skills.load.extraDirs 加载,两者配置注入时机不同)

extent analysis

TL;DR

Modify the schema definition for skills.entries.* to explicitly allow custom fields or use environment variables as a workaround.

Guidance

  • Review the schema definition for skills.entries.* and consider adding explicit support for custom fields like apiKey and api_endpoint.
  • Use environment variables (e.g., KAIWU8_API_ENDPOINT) as a temporary workaround to bypass the validation issue.
  • Investigate the difference in configuration injection timing between plugins.entries and skills.load.extraDirs to understand why getnote can save custom fields successfully.
  • Verify that the reload-invalid-config warning is triggered by the custom fields and not by other configuration issues.

Example

No code snippet is provided as the issue is related to configuration and schema validation.

Notes

The issue seems to be related to the schema validation and configuration injection timing. The provided workaround using environment variables can help bypass the issue temporarily. However, a more permanent solution would require modifying the schema definition or understanding the underlying configuration injection mechanism.

Recommendation

Apply workaround: Use environment variables to bypass the validation issue, as it is a safer and more immediate solution. This will allow custom fields to be used until a more permanent solution can be implemented.

Vote matrix · Quick signals

Works
Did the solution work? Tap to confirm.
Easy Fix
Was it a quick fix?
Time Saver
Did it save you time?
Blocking
Was it severely blocking?
Common Issue
Are others likely hitting this too?
Flaky / Intermittent
Is it intermittent?
Verified / Reproducible
Can you reproduce it reliably?
Loading…
#api#ssr#installation#API versioning#request timeout

Still need to ship something?

×6

Another batch ranked right after the header list — different links, same matching logic.

Back to top recommendations

TRENDING