ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Resume After Gateway Restart

v1.0.0

Reliably resume work after `openclaw gateway restart` (or when you must restart the OpenClaw gateway mid-task). Uses durable one-shot cron `agentTurn` jobs (...

0· 57·0 current·0 all-time
byBobby Lindsey@bobbylindsey
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill's behavior (scheduling cron agentTurns, reading/writing memory/post-restart-task.md, calling openclaw sessions/cron, and using systemd-run/systemctl) is coherent with 'resume after gateway restart'. However the registry metadata claims no required binaries/configs while the scripts clearly require: the openclaw CLI, systemd (systemd-run and systemctl), and python3. The missing declared dependencies is an incoherence the user should note.
Instruction Scope
SKILL.md stays within the stated scope: it instructs capturing session/delivery info, writing a post-restart memory file, scheduling two isolated agentTurn cron jobs (a 'back' message and a resume job), and then scheduling a delayed restart. It explicitly reads and writes memory/post-restart-task.md and uses openclaw sessions/cron — these are expected for this purpose. The instructions do grant the agent autonomous ability to send messages after restart (intended behavior).
Install Mechanism
No install spec (instruction-only plus two helper scripts) — low installation risk. The scripts are bundled with the skill and not downloaded from external URLs.
Credentials
No environment variables or external credentials are requested, which aligns with the described function. However, the scripts do require runtime tools (openclaw, systemd, python3) that were not declared in the registry metadata — this omission should be treated as a configuration/packaging problem rather than malicious intent.
Persistence & Privilege
always:false (normal). The skill schedules durable one-shot cron jobs and a transient systemd unit that will autonomously run agentTurns and restart the gateway. That autonomous behavior is part of the feature, but it increases blast radius (the agent will send messages and modify the memory file without a follow-up user step).
What to consider before installing
This skill appears to implement its stated purpose, but review these points before installing: - The package metadata declares no required binaries, yet the scripts call: openclaw (sessions/cron), systemd-run/systemctl, and python3. Ensure those commands exist and are trusted on the host. - The skill will schedule a systemd restart of openclaw-gateway and will create one-shot cron agentTurns that autonomously send messages back to captured channels. Only install if you trust the skill to act on your behalf and your environment supports systemd and the openclaw CLI. - Inspect memory/post-restart-task.md usage: the resume job will read and append to this file. Ensure storing sensitive data there is acceptable. - Test in a safe environment first (or dry-run the scheduling steps without performing the restart) to confirm route/model inference works for your sessionKey format. If you want to proceed, ask the author to update package metadata to list required binaries (openclaw, systemd, python3) and to document failure modes when systemd isn't available. If you do not trust autonomous restarts or automated sends to chat channels, do not install.

Like a lobster shell, security has layers — review code before you run it.

latestvk972bz8mjkqde7g6rjf1qrmm71842nyz

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments