Security checks across malware telemetry and agentic risk
The skill has a legitimate monitoring purpose, but it installs a persistent background watcher that can automatically trigger agent log summaries and may expose sensitive log details.
Install only if you want a persistent macOS background monitor that reads recent logs and may send summaries to Telegram. Review the installer and disable command, prefer local-only output unless needed, and avoid using it on systems where logs may contain secrets, tokens, private hostnames, or sensitive incident details.
OPENCLAW_HOME="${OPENCLAW_HOME:-$HOME/.openclaw}"
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
WATCHER_SCRIPT="$SCRIPT_DIR/gateway_back_watcher.py"
PLIST_SRC="$SCRIPT_DIR/com.openclaw.what-just-happened.plist"
PLIST_DEST="$HOME/Library/LaunchAgents/com.openclaw.what-just-happened.plist"
if [[ ! -f "$WATCHER_SCRIPT" ]]; thenOPENCLAW_HOME="${OPENCLAW_HOME:-$HOME/.openclaw}"
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
WATCHER_SCRIPT="$SCRIPT_DIR/gateway_back_watcher.py"
PLIST_SRC="$SCRIPT_DIR/com.openclaw.what-just-happened.plist"
PLIST_DEST="$HOME/Library/LaunchAgents/com.openclaw.what-just-happened.plist"
if [[ ! -f "$WATCHER_SCRIPT" ]]; thenSCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
WATCHER_SCRIPT="$SCRIPT_DIR/gateway_back_watcher.py"
PLIST_SRC="$SCRIPT_DIR/com.openclaw.what-just-happened.plist"
PLIST_DEST="$HOME/Library/LaunchAgents/com.openclaw.what-just-happened.plist"
if [[ ! -f "$WATCHER_SCRIPT" ]]; then
echo "Error: gateway_back_watcher.py not found at $WATCHER_SCRIPT"SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
WATCHER_SCRIPT="$SCRIPT_DIR/gateway_back_watcher.py"
PLIST_SRC="$SCRIPT_DIR/com.openclaw.what-just-happened.plist"
PLIST_DEST="$HOME/Library/LaunchAgents/com.openclaw.what-just-happened.plist"
if [[ ! -f "$WATCHER_SCRIPT" ]]; then
echo "Error: gateway_back_watcher.py not found at $WATCHER_SCRIPT"sed -e "s|OPENCLAW_HOME|$OPENCLAW_HOME|g" \
-e "s|OPENCLAW_WATCHER_SCRIPT|$WATCHER_SCRIPT|g" \
-e "s|OPENCLAW_BIN|$OPENCLAW_BIN|g" \
-e "s|PATH_PLACEHOLDER|$PATH_FOR_PLIST|g" \
"$PLIST_SRC" > "$PLIST_DEST"
echo "Installed $PLIST_DEST (openclaw: $OPENCLAW_BIN)"
launchctl unload "$PLIST_DEST" 2>/dev/null || true-e "s|OPENCLAW_WATCHER_SCRIPT|$WATCHER_SCRIPT|g" \
-e "s|OPENCLAW_BIN|$OPENCLAW_BIN|g" \
-e "s|PATH_PLACEHOLDER|$PATH_FOR_PLIST|g" \
"$PLIST_SRC" > "$PLIST_DEST"
echo "Installed $PLIST_DEST (openclaw: $OPENCLAW_BIN)"
launchctl unload "$PLIST_DEST" 2>/dev/null || true
launchctl load "$PLIST_DEST"-e "s|OPENCLAW_WATCHER_SCRIPT|$WATCHER_SCRIPT|g" \
-e "s|OPENCLAW_BIN|$OPENCLAW_BIN|g" \
-e "s|PATH_PLACEHOLDER|$PATH_FOR_PLIST|g" \
"$PLIST_SRC" > "$PLIST_DEST"
echo "Installed $PLIST_DEST (openclaw: $OPENCLAW_BIN)"
launchctl unload "$PLIST_DEST" 2>/dev/null || true
launchctl load "$PLIST_DEST"-e "s|OPENCLAW_BIN|$OPENCLAW_BIN|g" \
-e "s|PATH_PLACEHOLDER|$PATH_FOR_PLIST|g" \
"$PLIST_SRC" > "$PLIST_DEST"
echo "Installed $PLIST_DEST (openclaw: $OPENCLAW_BIN)"
launchctl unload "$PLIST_DEST" 2>/dev/null || true
launchctl load "$PLIST_DEST"
echo "Loaded. Gateway-back watcher runs every 15s. When the gateway goes from down to up, you'll get a what-just-happened summary in TUI or Telegram.""$PLIST_SRC" > "$PLIST_DEST" echo "Installed $PLIST_DEST (openclaw: $OPENCLAW_BIN)" launchctl unload "$PLIST_DEST" 2>/dev/null || true launchctl load "$PLIST_DEST" echo "Loaded. Gateway-back watcher runs every 15s. When the gateway goes from down to up, you'll get a what-just-happened summary in TUI or Telegram." echo "To stop: launchctl unload $PLIST_DEST" echo "Logs: $OPENCLAW_HOME/logs/what-just-happened.out.log and .err.log"
"$PLIST_SRC" > "$PLIST_DEST" echo "Installed $PLIST_DEST (openclaw: $OPENCLAW_BIN)" launchctl unload "$PLIST_DEST" 2>/dev/null || true launchctl load "$PLIST_DEST" echo "Loaded. Gateway-back watcher runs every 15s. When the gateway goes from down to up, you'll get a what-just-happened summary in TUI or Telegram." echo "To stop: launchctl unload $PLIST_DEST" echo "Logs: $OPENCLAW_HOME/logs/what-just-happened.out.log and .err.log"
66/66 vendors flagged this skill as clean.