Skill v1.0.0

ClawScan security

Gateway Watchdog · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 3, 2026, 10:36 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill largely does what it claims (a local watchdog that runs openclaw gateway commands) but it downloads and runs external code from an unverified GitHub repo and can persist a background process — these behaviors increase risk and deserve verification before install.
Guidance
This skill's behavior is coherent with a watchdog but has two things you should verify before installing: (1) the install script downloads an executable Python script from raw.githubusercontent.com — confirm the GitHub repository and its commit history are trustworthy and review the fetched script to ensure it hasn't been tampered with; (2) the watchdog runs continuously and can restart the gateway, so run it with least privileges (not as root) and in a controlled environment if possible. If you prefer to avoid runtime downloads, use the included gateway_watchdog.py after reviewing its source, and do not run install.py that fetches remote code. Finally, ensure the openclaw CLI is legitimate and the system paths used by the script point to the intended binaries.

Review Dimensions

Purpose & Capability
ok: The name/description match the code and instructions: the scripts check gateway status and restart the OpenClaw gateway. The included files implement start/stop/status/restart and a long-running watchdog loop; none of the requested resources are unrelated to that purpose.
Instruction Scope
note: SKILL.md instructs the agent to download gateway_watchdog.py if missing and then run it (or run install.py which downloads the script). Downloading and executing an external Python script is outside the agent's runtime-only scope because it introduces new executable code at runtime. This is explainable for an installer, but it means the agent will fetch and run remote code — review the remote source before allowing this.
Install Mechanism
note: There is no package manager install spec; install.py fetches a single file from raw.githubusercontent.com (a well-known host). Using raw.githubusercontent.com is preferable to an arbitrary IP/shortener, but the target repository owner (adminlove520/openclaw-gateway-watchdog-v2) is not verified in the skill metadata. Also the skill bundle already includes gateway_watchdog.py, making the download step redundant and potentially a channel for fetching different code.
Credentials
ok: The skill does not request credentials or config paths. The runtime code reads common system env vars (APPDATA, LOCALAPPDATA) to search for openclaw locations — this is proportional to locating the CLI. No unrelated secrets or broad credential access are requested.
Persistence & Privilege
note: The watchdog writes files (config, log, pid) in its script directory and launches a persistent background process that restarts the gateway; always:false so it won't be force-included. Persisting a background process is reasonable for a watchdog but increases attack surface if the running code can be updated remotely or replaced on disk.