Security audit

Gateway Watchdog Lite

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed OpenClaw gateway watchdog that installs a user-level background service to monitor and restart the local gateway.

Install this only if you want a background user service that keeps running and can restart the OpenClaw gateway after failed health checks. Set TELEGRAM_ID to an empty string if you do not want status alerts sent through Telegram, verify WORKSPACE_PATH and OC_PORT before running the installer, and use the documented launchctl or systemctl uninstall commands when you no longer want it active.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (17)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README promotes a background watchdog that installs itself as a user service and automatically restarts the gateway, but it does not clearly foreground that this changes persistent service configuration and will perform restart actions without further confirmation. In a skill/install context, insufficient disclosure can lead users to run commands that create persistence and alter availability-sensitive behavior they did not fully intend.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The README mentions optional Telegram alerts but does not clearly state that gateway status events and metadata will be transmitted to a third-party service. Even if the content is limited to uptime notifications, this is still operational data disclosure to an external platform and should be clearly disclosed before enabling it.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script unconditionally installs a watchdog script, writes a systemd user service, and immediately enables and starts it without any confirmation or explicit warning that it will create persistence. Even though this appears to be legitimate installer behavior, silent persistence is security-relevant because users may not realize they are authorizing a background service that survives the current session and continuously executes code from the workspace.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The installer creates a user LaunchAgent plist in ~/Library/LaunchAgents and immediately bootstraps it, establishing persistent execution every 120 seconds. Even if the stated purpose is operational monitoring, silently adding persistence is security-relevant because it alters the user's session behavior and can continue running code after the initial install without a clear consent gate.

Session Persistence

Medium
Category
Rogue Agent
Content
SCRIPTS_DIR="$WORKSPACE_PATH/scripts"
WATCHDOG_SCRIPT="$SCRIPTS_DIR/gateway-watchdog-lite.sh"
PLIST_PATH="$HOME/Library/LaunchAgents/ai.openclaw.gateway-watchdog.plist"
LABEL="ai.openclaw.gateway-watchdog"

SKILL_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
Confidence
92% confidence
Finding
PLIST

Session Persistence

Medium
Category
Rogue Agent
Content
SCRIPTS_DIR="$WORKSPACE_PATH/scripts"
WATCHDOG_SCRIPT="$SCRIPTS_DIR/gateway-watchdog-lite.sh"
PLIST_PATH="$HOME/Library/LaunchAgents/ai.openclaw.gateway-watchdog.plist"
LABEL="ai.openclaw.gateway-watchdog"

SKILL_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
Confidence
92% confidence
Finding
plist

Session Persistence

Medium
Category
Rogue Agent
Content
sed -i '' "s|YOUR_TELEGRAM_ID|${TELEGRAM_ID}|g" "$WATCHDOG_SCRIPT"
echo "[OK] Watchdog script installed to $WATCHDOG_SCRIPT"

# 2. Write LaunchAgent plist
mkdir -p "$HOME/Library/LaunchAgents"
cat > "$PLIST_PATH" <<PLIST
<?xml version="1.0" encoding="UTF-8"?>
Confidence
95% confidence
Finding
plist

Session Persistence

Medium
Category
Rogue Agent
Content
# 2. Write LaunchAgent plist
mkdir -p "$HOME/Library/LaunchAgents"
cat > "$PLIST_PATH" <<PLIST
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
Confidence
95% confidence
Finding
PLIST

Session Persistence

Medium
Category
Rogue Agent
Content
# 2. Write LaunchAgent plist
mkdir -p "$HOME/Library/LaunchAgents"
cat > "$PLIST_PATH" <<PLIST
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
Confidence
95% confidence
Finding
PLIST

Session Persistence

Medium
Category
Rogue Agent
Content
mkdir -p "$HOME/Library/LaunchAgents"
cat > "$PLIST_PATH" <<PLIST
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>Label</key>
Confidence
95% confidence
Finding
plist

Session Persistence

Medium
Category
Rogue Agent
Content
mkdir -p "$HOME/Library/LaunchAgents"
cat > "$PLIST_PATH" <<PLIST
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>Label</key>
Confidence
95% confidence
Finding
PLIST

Session Persistence

Medium
Category
Rogue Agent
Content
cat > "$PLIST_PATH" <<PLIST
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>Label</key>
    <string>${LABEL}</string>
Confidence
94% confidence
Finding
plist

Session Persistence

Medium
Category
Rogue Agent
Content
<string>/opt/homebrew/bin:/usr/local/bin:/usr/bin:/bin</string>
    </dict>
  </dict>
</plist>
PLIST
echo "[OK] LaunchAgent plist written to $PLIST_PATH"
Confidence
90% confidence
Finding
plist

Session Persistence

Medium
Category
Rogue Agent
Content
</dict>
  </dict>
</plist>
PLIST
echo "[OK] LaunchAgent plist written to $PLIST_PATH"

# 3. Bootstrap
Confidence
90% confidence
Finding
PLIST

Session Persistence

Medium
Category
Rogue Agent
Content
</dict>
</plist>
PLIST
echo "[OK] LaunchAgent plist written to $PLIST_PATH"

# 3. Bootstrap
launchctl bootout "gui/$UID/$LABEL" 2>/dev/null || true
Confidence
96% confidence
Finding
plist

Session Persistence

Medium
Category
Rogue Agent
Content
</dict>
</plist>
PLIST
echo "[OK] LaunchAgent plist written to $PLIST_PATH"

# 3. Bootstrap
launchctl bootout "gui/$UID/$LABEL" 2>/dev/null || true
Confidence
96% confidence
Finding
PLIST

Session Persistence

Medium
Category
Rogue Agent
Content
launchctl bootout "gui/$UID/$LABEL" 2>/dev/null || true
sleep 1

if launchctl bootstrap "gui/$UID" "$PLIST_PATH" 2>/dev/null; then
    echo "[OK] LaunchAgent bootstrapped"
    echo ""
    echo "==> Installation complete!"
Confidence
98% confidence
Finding
PLIST

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.