Gateway Watchdog

Security checks across malware telemetry and agentic risk

Overview

This is a real background watchdog for OpenClaw Gateway, but it can automatically and persistently kill broad local process groups, so users should review it before installing.

Install only on a machine where it is acceptable for a background service to restart OpenClaw Gateway and potentially stop other Node.js or OpenClaw-related processes. Prefer reviewing or modifying the restart logic to target only the Gateway PID, use a pinned source or reviewed package contents, disable DingTalk unless needed, and confirm OS-specific stop and uninstall steps before enabling autostart.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
else:  # Linux/Mac
        try:
            # Kill all node processes (use with caution)
            subprocess.run(["pkill", "-f", "openclaw"], 
                          capture_output=True, timeout=10)
        except Exception:
            pass
Confidence
86% confidence
Finding
subprocess.run(["pkill", "-f", "openclaw"], capture_output=True, timeout=10)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly states it will automatically set up auto-start and automatically run a monitoring service, but it does not clearly warn the user up front that persistent background execution will be enabled. This is dangerous because users may trigger installation without realizing it changes system startup behavior and creates a continuously running process, which affects system integrity and consent.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill supports configuring DingTalk webhook notifications but does not clearly warn that system or service status information may be transmitted to an external third-party endpoint. This is dangerous because users may disclose operational metadata outside their environment without understanding the privacy and data-handling implications.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The script automatically sends service-status notifications to an external DingTalk webhook, disclosing uptime, outages, restart attempts, and failures to a third-party endpoint. In context, this is more sensitive because the telemetry is sent continuously and without any runtime consent, environment gating, or minimization, which can leak operational details useful for reconnaissance if the webhook is misconfigured or exposed.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The watchdog automatically performs destructive actions by killing processes and restarting services without any confirmation or guardrails. In this context, the danger is elevated because the loop is autonomous and persistent, so a misconfiguration or false health check can repeatedly terminate processes and destabilize the host.

VirusTotal

65/65 vendors flagged this skill as clean.
