Hybrid Gateway

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only OpenClaw setup guide, but it recommends network exposure and remote command execution settings that deserve careful review before use.

Install only if you understand that this can expose an OpenClaw gateway and let agents run commands on your local machine. Restrict port 18789 to Tailscale or trusted IPs, prefer `wss://` when possible, protect and rotate the gateway token if exposed, avoid allowlisting broad shells like `/bin/bash`, and enable auto-start only when you want the node available continuously.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence: 90%
Finding
The README recommends setting `OPENCLAW_ALLOW_INSECURE_PRIVATE_WS=1` to bypass WebSocket security restrictions on a non-loopback interface, but it does not explain the trust assumptions or risks of relaxing transport protections. In a hybrid gateway setup that explicitly exposes services over Tailscale/LAN, readers may enable this broadly and normalize insecure transport without understanding that compromise of the private network, misconfiguration, or over-broad binding could expose agent traffic or control channels to interception or abuse.

Missing User Warnings

Medium
Confidence: 95%
Finding
The guide recommends binding the gateway to 0.0.0.0 for convenience, which expands exposure beyond the Tailscale interface and can unintentionally make the service reachable from public or other untrusted networks if host or cloud firewalls are permissive. Although token auth and rate limiting are mentioned, the document does not clearly instruct users to restrict network exposure to the tailnet or local firewall rules, so a misconfiguration could expose the gateway to external attack.

Missing User Warnings

Medium
Confidence: 94%
Finding
This section enables remote command execution on the local node and even suggests allowlisting powerful interpreters like /bin/bash, but it does not prominently warn that this grants the gateway a path to execute commands on the user's local machine. In context, the architecture is explicitly for remote exec routing, so the behavior is intentional, but the missing security warning and permissive examples increase the risk of local compromise if the gateway, agent, or approvals are abused.

VirusTotal

64/64 vendors flagged this skill as clean.
