ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Gateway Health Monitor

v1.0.0

Monitor and auto-fix OpenClaw gateway stability issues. Diagnoses launchd throttling, plugin restart loops, hung shutdowns, and macOS power management interf...

0· 36·1 current·1 all-time
by@jimmyclanker
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (macOS gateway health fixes) aligns with the scripts' actions (diagnose, patch a gateway launchd plist, change reload mode). However the skill metadata claims no required binaries or config paths, while the scripts actually rely on launchctl, plutil, pmset (and call the openclaw CLI and python3). The omission of those required tools is an inconsistency.
!
Instruction Scope
SKILL.md directs running included shell scripts that read/writes files under $HOME (~/.openclaw/openclaw.json, ~/.openclaw/logs, ~/Library/LaunchAgents/ai.openclaw.gateway.plist), call launchctl and pmset (sudo for permanent pmset change), and will modify the gateway plist automatically. The instructions read and modify local configuration and logs beyond what the skill metadata declared — this is scope creep the user should be aware of.
Install Mechanism
There is no external install spec and all code is included in the package. No downloads from remote URLs or opaque installers are present, so nothing external will be written to disk beyond what these scripts create when run.
Credentials
The skill requests no credentials or environment variables (appropriate), but the scripts require system utilities (launchctl, plutil, pmset, python3, openclaw CLI) and will need permission to modify user LaunchAgents and to run sudo pmset. Those privilege requirements are not declared in the metadata.
!
Persistence & Privilege
Running install-patcher.sh will create and load a persistent user LaunchAgent (ai.openclaw.plist-patcher) that watches the gateway plist and automatically rewrites keys. This gives the skill ongoing, autonomous filesystem and launchctl influence in the user's account — expected for a patcher but a meaningful persistence capability that should be accepted explicitly by the user.
What to consider before installing
This skill appears to implement the described macOS fixes, but there are two issues you should consider before installing: (1) the package metadata omits required tools and the specific paths the scripts access — the scripts use launchctl, plutil, pmset, python3 and the openclaw CLI and read/write ~/.openclaw and ~/Library/LaunchAgents; (2) the installer creates a persistent per-user launchd agent that will automatically patch the gateway plist (and the instructions include a sudo pmset change). If you plan to install: review the included scripts line-by-line, back up ~/Library/LaunchAgents/ai.openclaw.gateway.plist and ~/.openclaw/openclaw.json, confirm you trust the skill source, and run the diagnostic scripts manually first (do not run install-patcher.sh until you're comfortable). If you prefer lower risk, run the scripts in a disposable account or macOS VM to observe behavior before enabling the persistent patcher.

Like a lobster shell, security has layers — review code before you run it.

latestvk977bczp66jf85w8ebrkqec1t583x98n

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments