Skill v1.6.3
ClawScan security
Gateway Guardian · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 29, 2026, 7:55 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requirements, runtime instructions, and included scripts are coherent with its stated purpose (monitoring/auto-rollback and crash recovery for the OpenClaw gateway); nothing requested appears unrelated or excessive, but the installer will download and run scripts and modify your user systemd units so you should review the code and trust the source before installing.
- Guidance: This skill appears internally consistent with its purpose, but it will: (1) download script files from a GitHub raw URL and execute them on your machine, (2) create/modify user systemd unit files and a drop-in for your gateway service, (3) read OpenClaw session metadata and journalctl logs, and (4) send notifications using the openclaw CLI. Before installing, review the scripts (config-lib.sh, config-watcher.sh, gateway-recovery.sh, pre-stop.sh) yourself or on a trusted machine, verify the GitHub repository/author, and ensure you are comfortable with the service files being added to your user systemd. If you do not trust the source, do not run the installer; alternatively, run the install steps manually after inspecting the code and backing up your system/service files.
Review Dimensions
- Purpose & Capability (ok): The name/description (config watcher, auto-rollback, systemd recovery, notifications) match the actual actions: validating openclaw.json, keeping timestamp backups, restarting gateway, registering user systemd services, and sending messages via the openclaw CLI. Required binaries (inotifywait, nc, python3, journalctl, systemctl, openclaw) are appropriate and necessary for the stated functionality.
- Instruction Scope (note): SKILL.md instructs the agent to back up ~/.openclaw/openclaw.json, curl scripts from the project's raw GitHub URL, write systemd user unit files and a drop-in for the gateway service, set ExecStopPost hook, and create guardian.conf that stores fallback channel/target and LOCALE. All of these actions are within the scope of installing a persistent guardian. Note: the skill reads OpenClaw sessions via `openclaw sessions --json` and journalctl logs to determine notification targets and to construct alert text — this is required for dynamic notification behavior but does access session metadata and system logs (normal for a notifier).
- Install Mechanism (note): There is no packaged install spec; the installer downloads individual script files from https://raw.githubusercontent.com/Dios-Man/gateway-guardian/main using curl and then executes them (chmod + systemd registration). Raw GitHub content is a common release host and matches the project flow, but downloading/executing remote scripts carries the usual risk: review the fetched scripts and trust the repository before running.
- Credentials (ok): The skill does not request environment variables, API keys, or unrelated credentials. It uses the OpenClaw CLI for messaging and session discovery (so it relies on the agent's existing OpenClaw auth), which is justified by the notification feature. Stored config (guardian.conf) only contains fallback channel/target, LOCALE, BOT_NAME, and optional STAFF_GROUP_CHAT_ID — no secrets.
- Persistence & Privilege (note): The skill registers persistent user services under ~/.config/systemd/user and writes a drop-in for the openclaw-gateway.service (modifies another service's configuration), which is expected for a guardian that integrates with the gateway lifecycle. always:false and default autonomous invocation mean the service can run persistently but is not force-installed globally. Because it registers persistent services, you should review and approve these changes before installation.
