Gateway Watchdog Lite
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: gateway-watchdog-lite Version: 1.0.2 The skill establishes persistence by installing a background watchdog service (launchd on macOS or systemd on Linux) to monitor and auto-restart the OpenClaw gateway. While this behavior is aligned with the stated purpose, the installation scripts (install.sh and install-linux.sh) contain a command injection vulnerability. They use 'sed' to template user-provided environment variables (OC_PORT and TELEGRAM_ID) directly into the watchdog scripts without sanitization, which could allow for arbitrary code execution if these variables are maliciously crafted. The skill also includes promotional links to a paid 'full version' at confuseduser.com.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The watchdog will continue running in the background and may act without further prompts after installation.
The skill intentionally installs a persistent background service. This is disclosed and purpose-aligned for a watchdog, but persistence is important for users to notice.
Installs a launchd service (macOS) or systemd service (Linux / VPS) that probes the gateway every 2 minutes and auto-recovers it on failure.
Install only if you want continuous background monitoring, and use the documented uninstall commands if you no longer want it running.
If configured incorrectly, the watchdog could repeatedly restart or terminate gateway-related processes every cooldown interval.
The recovery logic can automatically restart the OpenClaw gateway service or kill matching gateway processes when the health check fails. This is purpose-aligned, but a wrong port or misdetected failure could disrupt local OpenClaw processes.
systemctl --user restart openclaw-gateway 2>/dev/null
else
pkill -f "openclaw.*gateway" 2>/dev/null || trueConfirm OC_PORT and WORKSPACE_PATH before enabling the service, monitor the logs after installation, and disable the service if it restarts the gateway unexpectedly.
If Telegram alerts are enabled, the service can send gateway recovery/failure messages through the user's configured gog/Telegram setup.
Optional Telegram alerts use the local gog CLI to send messages to the configured Telegram ID. This appears limited to status alerts and does not show credential theft or unrelated account access.
"$GOG_BIN" telegram send --to "$TELEGRAM_ID" --text "$MSG" 2>/dev/null || true
Set TELEGRAM_ID to an empty string if you do not want alerts, and verify your gog Telegram configuration before enabling notifications.
Users have to rely on the included scripts and documentation rather than a pinned source or managed install specification.
The runnable scripts are included, but the registry-level provenance and install metadata are limited. This is not evidence of malicious behavior, but it reduces assurance compared with a clearly sourced and declarative install.
Source: unknown Homepage: none Install specifications: No install spec — this is an instruction-only skill.
Review the included scripts before running them and prefer installing from a publisher/source you trust.