Skill v1.0.7

ClawScan security

Gateway Guard · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 8, 2026, 5:37 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's files, scripts, and instructions are coherent with its stated purpose (detecting/fixing OpenClaw gateway auth drift and optionally auto-sending a local 'continue' command); it requires local config and process access but does not show unexplained external endpoints or credential exfiltration.
Guidance
This package appears to do what it says: compare and (if requested) repair gateway auth, and optionally run a watcher that auto-sends a local 'continue' message when a run error appears. Before installing or enabling the watcher:
1) back up your openclaw.json;
2) run the status/ensure commands without --apply to see the proposed changes;
3) understand and accept that the watcher will restart the gateway and can run 'openclaw agent --message continue --deliver' (this sends a local command to your agent);
4) the scripts use lsof/ps/kill/launchctl, and any secret passed on a command line is visible in process arguments to other local users (a normal risk of passing secrets as arguments);
5) prefer to test in a non-production environment.
If you need further assurance, inspect gateway_guard.py and the plist before installing, and verify the LaunchAgent contents and environment substitutions (OPENCLAW_HOME/OPENCLAW_BIN) so the daemon runs with the intended paths.
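The pre-install checks in the guidance above (back up openclaw.json, verify the LaunchAgent's paths and placeholder substitutions, and confirm a secret is not visible in process arguments), as an added example script. This is not the skill's own code and not part of the ClawScan output. It assumes the config lives at $OPENCLAW_HOME/openclaw.json with OPENCLAW_HOME defaulting to ~/.openclaw, that the plist is XML whose program and script paths appear as <string>/abs/path</string> entries, and that the watcher runs from a Python interpreter under /usr/bin or /bin; the plist filename and the GATEWAY_SECRET variable used for the live run are placeholders, not names from the skill.

```bash
#!/bin/sh
# Pre-install checks for a gateway-guard style skill (added example; not the skill's code).
# Assumptions: config at $OPENCLAW_HOME/openclaw.json; plist paths appear as <string>/abs/path</string>.
set -u

OPENCLAW_HOME="${OPENCLAW_HOME:-$HOME/.openclaw}"
OPENCLAW_BIN="${OPENCLAW_BIN:-$(command -v openclaw 2>/dev/null || echo /usr/local/bin/openclaw)}"

# 1) Timestamped, owner-only backup of openclaw.json. Prints the backup path.
backup_config() {
  cfg="${1:-$OPENCLAW_HOME/openclaw.json}"
  [ -f "$cfg" ] || { echo "no config at $cfg" >&2; return 1; }
  bak="$cfg.bak.$(date +%Y%m%dT%H%M%S)"
  ( umask 077; cp "$cfg" "$bak" ) && echo "$bak"
}

# 2) LaunchAgent review: fail if a ${VAR} placeholder was left unexpanded, or if any
#    absolute path in the plist is neither OPENCLAW_BIN, under OPENCLAW_HOME, nor a
#    system interpreter under /usr/bin or /bin (so the daemon cannot be pointed elsewhere).
check_plist() {
  plist="$1"
  [ -f "$plist" ] || { echo "no plist at $plist" >&2; return 1; }
  if grep -q '\${[A-Z_]*}' "$plist"; then
    echo "unexpanded placeholder in $plist:" >&2
    grep -n '\${[A-Z_]*}' "$plist" >&2
    return 1
  fi
  # grep -o yields one <string>/path per line even when several share a line.
  bad=$(grep -o '<string>/[^<]*' "$plist" | sed 's/^<string>//' | while IFS= read -r p; do
    case "$p" in
      "$OPENCLAW_BIN"|"$OPENCLAW_HOME"|"$OPENCLAW_HOME"/*|/usr/bin/*|/bin/*) ;;
      *) echo "$p" ;;
    esac
  done)
  [ -z "$bad" ] || { echo "unexpected path(s) in $plist:" >&2; echo "$bad" >&2; return 1; }
  return 0
}

# 3) The leak the scanner flags: a secret passed on a command line shows up in ps output.
#    Reads a process listing from stdin so it also works on a saved or constructed listing;
#    feed it `ps -axo args=` for the live system. Returns 1 if the secret is visible.
secret_in_process_args() {
  secret="$1"
  if grep -F -q -- "$secret"; then
    echo "secret visible in process arguments; pass it via environment or config instead" >&2
    return 1
  fi
  return 0
}

# Live run (paths and GATEWAY_SECRET are assumptions; adjust to where install_watcher.sh puts the plist):
if [ "${1:-}" = "--run" ]; then
  backup_config \
    && check_plist "$HOME/Library/LaunchAgents/com.example.gateway-guard.plist" \
    && ps -axo args= | secret_in_process_args "${GATEWAY_SECRET:?set GATEWAY_SECRET in the environment}"
fi
```

Run it with `--run` after exporting GATEWAY_SECRET (the secret is read from the environment precisely so this script does not reproduce the command-line leak it checks for). Each function also works on its own, which is how you would review the plist that install_watcher.sh writes before loading it with launchctl.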

Review Dimensions

Purpose & Capability
ok: Name/description match the code and SKILL.md: scripts inspect the running gateway, compare secrets to openclaw.json, can write gateway.auth when missing/incorrect, and can restart the gateway. Tools used (ps, lsof, kill, openclaw CLI) are appropriate for the task.
Instruction Scope
note: Runtime instructions ask the agent/user to run the included Python script and optional installer. The skill reads and may write the user's openclaw.json, probes processes and ports, and can issue local CLI commands (e.g., 'openclaw agent --message continue --deliver'). These actions are consistent with the stated purpose but are privileged (can restart the gateway, change config, and auto-send 'continue'), so the user should explicitly consent and test in a non-production environment first.
Install Mechanism
ok: No network install or arbitrary download. The package is file-based with included scripts and an optional LaunchAgent plist; install is a local copy or running the provided install shell scripts. No third-party packages are pulled during install.
Credentials
note: The skill declares no required env vars, but the code uses OPENCLAW_HOME and OPENCLAW_BIN with sensible defaults. It needs read/write access to the user's OpenClaw workspace (openclaw.json, logs) and permission to inspect processes and start/stop the gateway. Those privileges are proportional to its purpose but are sensitive (config writes, process restarts, local CLI invocations).
Persistence & Privilege
note: Persistence via a macOS LaunchAgent is optional and only installed if the user runs install_watcher.sh. The skill metadata sets always: false. Autonomy to invoke the skill is the platform default; combined with the optional watcher, it can autonomously restart the gateway and auto-send 'continue' messages. This is expected for the described use but should be enabled only with informed consent.