Back to skill

Security audit

gateway-notify

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it creates a persistent gateway-startup notification hook, with privacy and persistence caveats users should understand.

Install only if you want ongoing gateway startup notifications. Use a private trusted channel, avoid public Slack or Discord destinations for infrastructure status, and remove or disable the OpenClaw hook if you no longer want automatic notifications.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The README explicitly promotes automatic notifications to external messaging channels and mentions sending model, time, and port information, but it does not warn users that operational metadata will be transmitted off-host to third-party services. This creates a real privacy and security risk because gateway restart events can reveal service availability, infrastructure details, and potentially sensitive environment information to external destinations without informed consent or scoping guidance.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly states that setup will create files under the user's home directory, enable a hook in configuration, and restart the gateway, but the top-level description does not warn about these side effects before execution. This can cause users or upstream agents to trigger persistent configuration changes and service disruption without informed consent, which is a real safety issue even if the functionality is intended.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The example handler sends gateway startup information to an external messaging CLI, which transmits operational metadata off-host. While the sample only includes time and localhost port, the manual does not warn users that using third-party messaging channels may expose system activity to external providers or recipients, increasing privacy and operational security risk.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script makes a persistent configuration change by creating hook files under the user's home directory and immediately enabling the hook, but it does so without an explicit confirmation step or a clear warning that this will cause future automatic message dispatches on gateway startup. In a security-sensitive agent environment, silent persistence increases the chance of users enabling ongoing behavior they did not fully understand, which can lead to unintended notifications, metadata disclosure, or abuse if the destination is incorrect or later becomes sensitive.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.