Skill v1.0.0

ClawScan security

smart-restart-protection · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 9, 2026, 2:36 PM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's code and instructions match its stated purpose (protecting and coordinating OpenClaw Gateway restarts), but there are minor inconsistencies you should verify before installing (missing declared binaries, Node/JS runtime expectations, and scripts that run shell commands and write state files).
Guidance
This skill appears to do what it says (manage safe restarts) but check a few things before installing or running it:
1) Ensure required tooling exists: besides 'openclaw' and 'bash' the scripts call curl, ss, tar, awk, find, ps, mv and the JS file implies a Node runtime — make sure those are present and trusted.
2) Inspect index.js and shell scripts for commands you don't want run on your host (index.js uses execSync/spawn wrappers that can run shell commands).
3) Understand that reset-protection and some operations will modify or clear files under ~/.openclaw/restart-state and backups — make a manual backup first.
4) If you plan to allow autonomous agent invocation, restrict or audit calls that perform 'restart' or 'reset-protection' to avoid accidental resets; consider requiring manual confirmation or running in a test environment first.
5) Run the scripts as an unprivileged user in a staging environment to validate behavior before using in production.

Review Dimensions

Purpose & Capability
note: The name/description, scripts (smart-restart.sh, check-status.sh, reset-protection.sh) and index.js all implement restart-protection, rate-limiting, backups and diagnostics — consistent with the stated purpose. However the metadata declares only 'openclaw' and 'bash' as required binaries while the scripts use other system tools (curl, ss, tar, awk, ps, find, mv, etc.) and the package includes index.js (Node). The skill implicitly requires a Node runtime to use index.js and several unix tools that are not listed in the declared requirements.
Instruction Scope
note: Runtime instructions and scripts operate on local OpenClaw state (~/.openclaw/*), read/write restart-state, lock files (/tmp/openclaw-restart.lock), create backups, and call the local Gateway HTTP endpoint and openclaw CLI. This is within scope for restart protection. Notes: reset-protection.sh and index.js perform destructive reset/overwrite of restart logs and last_restart; reset scripts prompt for interactive confirmation (may hang if run non-interactively). There are no obvious remote exfiltration endpoints; network calls are to localhost or local system checks.
Install Mechanism
ok: No install spec (files are provided with the skill). That lowers supply-chain risk compared to remote downloads. Files include shell scripts and a JS module; the presence of executable scripts means the agent or user can run them, so verify scripts before execution. There is no network download during install.
Credentials
note: The skill does not request external credentials or environment variables in the registry metadata. README mentions optional env vars (SRP_STATE_DIR, SRP_MAX_HOURLY, etc.) but these are not declared as required — that is fine but should be documented clearly. The scripts read and write user-home files (~/.openclaw/*) and /tmp lock files, which is proportional to the stated functionality but does grant access to your OpenClaw state and logs.
Persistence & Privilege
ok: The skill does not set always:true and uses its own state directory under the user's home. It writes logs, backups and state files within ~/.openclaw/restart-state and /tmp lock files; it does not attempt to modify other skills or global agent configuration. Autonomous invocation is allowed (platform default) — consider whether you want the agent to call restart/reset operations automatically.