Skillv1.0.1

ClawScan security

continuous-openclaw-config-guard · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 15, 2026, 6:19 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's behavior (monitoring, backup, restart, rollback) matches its description, but metadata omits required configuration and the script contains hard-coded developer account and external Matrix destination—this mismatch and the outbound notifications are unexpected and should be reviewed before install.
Guidance: Do not install or enable this service until you review and edit the script and service file. Specifically: - Change SESSION_FILE to point to your own agent/session file (SKILL.md repeatedly warns this is required). The metadata failing to declare SESSION_FILE is an omission—treat it as required. - Replace the hard-coded --account huoxiaoxing and the Matrix target (!HwJBqEut...:matrix.local) with your own account/target or remove the message-send lines if you do not want external notifications. The script currently sends status messages to an external Matrix ID using the developer's account—this is the main unexpected network communication. - Verify OPENCLAW_BIN is correct for your system and test the restart/status commands manually before letting the script restart your gateway automatically. - Inspect and control permissions for the backups and log files (they may contain config or sensitive metadata). Ensure backups are stored where you trust them. - Test the script manually in a safe environment (non-production) and run it without installing systemd first. Only copy the service file to /etc/systemd/system after modifying the User, ExecStart/Stop, WorkingDirectory, and Environment entries. - If you lack confidence in the external notifications, remove or disable the message-send calls and rely on local logging/emailing to a destination you control. Given the metadata omissions and hard-coded external account, exercise caution and prefer manual testing.

Review Dimensions

Purpose & Capability: concernThe skill's stated purpose (monitor openclaw.json, backup, restart, rollback) aligns with the provided script. However the registry metadata lists no required environment variables or credentials, while SKILL.md and the script require a SESSION_FILE and expect an OpenClaw binary path. The omission of these required configuration items from metadata is an incoherence.
Instruction Scope: concernThe runtime instructions (and included guard.sh) do more than file-watching: they read ~/.openclaw openclaw.json and a SESSION_FILE to detect message activity, write backups and logs, restart the gateway via an OpenClaw binary, and send status messages to a hard-coded Matrix ID. The external notifications and hard-coded account (--account huoxiaoxing) are outside what a minimal 'config guard' would need and constitute unexpected external communications.
Install Mechanism: noteThis is an instruction-only skill with included scripts (no download/install spec). Installation requires copying a service file into /etc/systemd/system (requires sudo) and marking the script executable—normal for a persistent daemon but it gives the script persistent presence on the system once installed.
Credentials: concernAlthough the registry lists no required env vars/credentials, SKILL.md and guard.sh require and reference SESSION_FILE, OPENCLAW_BIN, and other env vars. The script also hard-codes an agent/account name ('huoxiaoxing') and a Matrix target (!HwJBqEut...:matrix.local) for outbound messages. Requesting no declared credentials but performing outbound network notifications (using someone else's account/target) is disproportionate and unexpected.
Persistence & Privilege: noteThe skill does not set always:true and is user-invocable. If installed as instructed, it becomes a systemd-managed persistent service (auto-restarting) running as the configured User. That persistence is normal for a daemon but combined with the above issues increases potential blast radius if misconfigured.