Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
OpenClaw Guardian by MyClaw.ai
v1.0.2
Deploy and manage a Guardian watchdog for OpenClaw Gateway. Auto-monitor every 30s, self-repair via doctor --fix, git-based workspace rollback, daily snapsho...
⭐ 1 · 579 · 5 current · 5 all-time
by Leo Ye @leoyeai
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
Name/description, SKILL.md, and scripts/guardian.sh align: the script monitors an OpenClaw Gateway, runs openclaw doctor --fix, attempts git rollback, restarts the gateway, and optionally posts to a Discord webhook. The required tooling (git, pgrep/pgrep+pkill, curl) and use of the OpenClaw CLI are coherent with the stated purpose.
Instruction Scope
Instructions and script perform actions that are expected for a watchdog: periodic health checks, invoking openclaw doctor --fix, performing git reset --hard to a stable commit, creating daily git commits, restarting gateway process, and writing logs to /tmp. These actions will modify files in the specified workspace (git commits, hard resets) and restart processes — not out-of-scope but potentially destructive if the workspace contains uncommitted or sensitive data. The SKILL.md and script do not attempt to read unrelated system config or exfiltrate data beyond the optional Discord webhook.
Install Mechanism
This is an instruction-only skill with a bundled script; there is no download/install from external URLs and nothing is written to disk by an installer. Risk from installation is low — the main risk is running the provided script itself.
Credentials
The skill declares DISCORD_WEBHOOK_URL as the primary credential but treats it as optional in documentation and code (only used if set). Registry/metadata lists required binaries as git, pgrep, curl but the script also expects pkill, nohup and the openclaw CLI; openclaw is referenced in SKILL.md but not listed in the registry required-binaries. These mismatches are likely harmless but should be clarified. Also note the script will auto-commit all workspace changes (daily_backup) and performs git reset --hard (data loss risk) — environmental access to the workspace is inherent to function and should be evaluated before use.
Persistence & Privilege
The skill does not request forced always-on privilege. It instructs the user how to run the script as a background process and how to add it to a startup helper; these are normal for a watchdog. The script only modifies its own workspace and /tmp files, and restarts the gateway process (expected for this role).
Assessment
This skill generally does what it says, but review and test before deploying to production:
- Backup your workspace first. The guardian runs git reset --hard and will discard uncommitted changes; it also auto-commits all changes daily. Ensure the repo contains only content you are willing to have committed and potentially rolled back.
- Confirm availability of required binaries: git, pgrep, pkill, curl, nohup, and especially the OpenClaw CLI (openclaw). The registry metadata omitted pkill and openclaw; ensure they exist.
- Review what openclaw doctor --fix and openclaw gateway do in your environment — these commands can perform wide-reaching repairs/restarts.
- Discord webhook: the webhook is optional, but the registry marks it as the primary credential; verify the webhook URL destination and treat it as a secret. Notifications contain only brief status messages and do not include other workspace contents by default.
- Run the script in a sandbox or staging environment first to confirm behavior and to tune intervals/cooldowns/repair attempts.
- If you need stricter safety, consider modifying the script to: (a) require manual approval before git reset --hard, (b) restrict auto-commit behavior or exclude certain files, and (c) log (and rotate) backups outside the workspace.
Given the above, the skill appears coherent with its purpose but requires operational caution.
Like a lobster shell, security has layers — review code before you run it.
latestvk975wd04dg6qz3zbd2zvmjhb29825jkq
Runtime requirements
Bins: git, pgrep, curl
Primary env: DISCORD_WEBHOOK_URL
