ClawHub

Gateway Delayed Restart

Security checks across malware telemetry and agentic risk

Overview

The skill mostly does what it says, but it sends restart status to a fixed Feishu recipient that the installer may not control.

Review before installing or running. Replace the hard-coded Feishu target with a recipient you control, add an option to disable notifications, and only run the restart scripts when interrupting the OpenClaw Gateway is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
# 尝试发送飞书通知(如果配置了)
    try:
        subprocess.run([
            'openclaw', 'message', 'send',
            '--channel', 'feishu',
            '--target', 'ou_6650e2645a6e8f4c7363cbbfd6bbcf33',
Confidence
93% confidence
Finding
subprocess.run([ 'openclaw', 'message', 'send', '--channel', 'feishu', '--target', 'ou_6650e2645a6e8f4c7363cbbfd6bbcf33', '--message', f"🎉 Gatew

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The code comments imply notification is conditional on configuration, but the implementation always attempts a Feishu send to a fixed target whenever notify=True. That mismatch is dangerous because operators may believe notifications are disabled unless configured, while the script still performs external communication and leaks service events.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script performs a gateway restart after a timer with no explicit confirmation, authorization check, or dry-run mode. In an agent skill or automation environment, that makes accidental or unauthorized service disruption much more dangerous because the action is operationally destructive and could interrupt availability.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script sends an outbound Feishu message to a hard-coded recipient without explicit user consent or a clear warning before execution. In an agent skill context, this creates an unauthorized data egress and action side effect: users may believe they are only restarting a service, while the script also notifies an external identity about operational activity and timing.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal