ClawHub

gateway-notify

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill appears to do what it says—set up gateway-start notifications—but users should notice that it creates a persistent hook and sends messages through local messaging commands.

This skill is reasonable if you want automatic gateway startup notifications. Before installing, verify the recipient/channel, confirm any messaging CLI comes from a trusted source, and remember that the created OpenClaw hook will keep running on future gateway startups until you disable or remove it.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

#
ASI10: Rogue Agents
Low
What this means

Notifications will continue to be sent whenever the gateway starts until the hook is disabled or removed.

Why it was flagged

The script creates and enables an OpenClaw hook under the user's home directory, making the notification behavior persistent across future gateway startups.

Skill content
HOOK_DIR="$HOME/.openclaw/hooks/gateway-restart-notify" ... openclaw hooks enable gateway-restart-notify
Recommendation

Install only if you want ongoing startup notifications, and keep track of how to disable or remove the gateway-restart-notify hook.

#
ASI05: Unexpected Code Execution
Low
What this means

The hook will run local command-line messaging tools when the gateway starts, so the local tools and configured target need to be trusted.

Why it was flagged

The generated handler invokes shell commands to send notifications through local messaging CLIs. This is purpose-aligned, but shell execution is a sensitive mechanism.

Skill content
import { exec } from "child_process"; ... await execAsync(cmd);
Recommendation

Review the generated handler, use only the intended channel and address, and avoid customizing it to accept untrusted input.

#
ASI07: Insecure Inter-Agent Communication
Info
What this means

The chosen recipient or messaging service can see when your gateway starts and the local port value included in the notification.

Why it was flagged

The hook sends gateway startup time and local port information through the configured messaging provider or channel.

Skill content
const message = `🚀 Gateway started! ... 🌐 Port: 127.0.0.1:18789`; ... openclaw message send --channel ${channel} --target '${address}' --message "${message}"
Recommendation

Use a private, trusted recipient or channel, and avoid pointing the notification at public or shared destinations unless that disclosure is acceptable.

#
ASI04: Agentic Supply Chain Vulnerabilities
Info
What this means

Setup may fail or may use whatever local CLI with that name is on your PATH.

Why it was flagged

The skill relies on local messaging CLIs, while the registry metadata declares no required binaries or install spec. This is not hidden, but dependency checks and provenance are left to the user.

Skill content
| iMessage | `imsg` | ... | WhatsApp | `wacli` | ... | Telegram | `openclaw message` |
Recommendation

Confirm that OpenClaw and any messaging CLI you use are installed from trusted sources before running the setup script.