Gateway Guard

Security checks across malware telemetry and agentic risk

Overview

Gateway Guard is mostly disclosed and purpose-related, but it has review-worthy authority over auth config, local processes, background automation, and automatic agent continuation.

Review before installing. Use the read-only status/ensure commands first, back up openclaw.json, and avoid install_watcher.sh, watch, or continue-on-error --loop unless you explicitly want background automation that can restart/sync gateway auth and tell agents to continue after errors. Verify the missing LaunchAgent plist files and any what-just-happened or Telegram behavior before enabling persistence.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
try:
        r = subprocess.run(cmd, env=env, cwd=str(_openclaw_home()), timeout=60, capture_output=True, text=True)
        if r.returncode != 0:
            subprocess.run(
                ["bash", "-l", "-c", f'exec "{openclaw_bin}" agent --message "continue" --deliver'],
                env={**env, "OPENCLAW_HOME": str(_openclaw_home())},
                cwd=str(_openclaw_home()),
Confidence
99% confidence
Finding
subprocess.run( ["bash", "-l", "-c", f'exec "{openclaw_bin}" agent --message "continue" --deliver'], env={**env, "OPENCLAW_HOME": str(_openclaw_home())},

subprocess module call

Medium
Category
Dangerous Code Execution
Content
wjh_ran = False
        if wjh_script.exists():
            try:
                subprocess.run(
                    [sys.executable, str(wjh_script)],
                    env={**os.environ, "OPENCLAW_HOME": str(_openclaw_home())},
                    cwd=str(_openclaw_home()),
Confidence
88% confidence
Finding
subprocess.run( [sys.executable, str(wjh_script)], env={**os.environ, "OPENCLAW_HOME": str(_openclaw_home())}, cwd=str(_open

Tainted flow: 'openclaw_bin' from os.environ.get (line 352, credential/environment) → subprocess.run (code execution)

Medium
Category
Data Flow
Content
try:
        r = subprocess.run(cmd, env=env, cwd=str(_openclaw_home()), timeout=60, capture_output=True, text=True)
        if r.returncode != 0:
            subprocess.run(
                ["bash", "-l", "-c", f'exec "{openclaw_bin}" agent --message "continue" --deliver'],
                env={**env, "OPENCLAW_HOME": str(_openclaw_home())},
                cwd=str(_openclaw_home()),
Confidence
99% confidence
Finding
subprocess.run( ["bash", "-l", "-c", f'exec "{openclaw_bin}" agent --message "continue" --deliver'], env={**env, "OPENCLAW_HOME": str(_openclaw_home())},

VirusTotal

64/64 vendors flagged this skill as clean.
