Openclaw Guardian
Security checks across static analysis, malware telemetry, and agentic risk
Overview
Review recommended: it sets up an always-running watchdog that can automatically repair and roll back your OpenClaw workspace, but the script it tells you to run is not included for review.
Before installing, obtain and review the missing `guardian.sh` and referenced setup documentation, confirm exactly what files it can modify, back up `~/.openclaw/workspace`, and decide whether unattended repair and `git reset --hard` rollback are acceptable for your OpenClaw instance.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the watchdog misdetects a failure or chooses the wrong rollback point, it could overwrite or discard recent OpenClaw workspace changes.
The skill describes unattended use of repair, restart, hard-reset rollback, and snapshot commands against the OpenClaw workspace. These are purpose-aligned for a watchdog, but they can modify or discard workspace state without per-action user approval.
Detect Gateway down (every 30s) ... Run `openclaw doctor --fix` ... `git reset --hard` to last stable commit, restart Gateway ... Daily automatic git snapshot of workspace
Inspect the actual watchdog script before use, keep separate backups, test in a non-production workspace, and only enable automatic rollback if you are comfortable with unattended `git reset --hard` behavior.
The most important code path is unavailable for review, so users cannot verify what the background process will actually do.
The provided file manifest contains only SKILL.md and no `scripts/guardian.sh`, even though that missing helper is the executable watchdog the user is told to install and run.
Copy `scripts/guardian.sh` from this skill to `~/.openclaw/guardian.sh`
Do not run the skill until the referenced `guardian.sh` and setup documentation are included, reviewed, and match the described behavior.
The process can keep running and taking automated actions until stopped or removed from startup.
The skill clearly discloses a long-running background watchdog. That persistence is expected for the stated purpose, but users should understand it will continue operating after setup.
Guardian is a standalone bash watchdog that keeps OpenClaw Gateway alive 24/7 ... nohup ~/.openclaw/guardian.sh >> /tmp/openclaw-guardian.log 2>&1 &
Make sure you know how to stop the process, remove the startup entry, and review its logs before enabling it on important systems.
Anyone who obtains the webhook URL may be able to post to the configured Discord channel.
A Discord webhook URL is a delegated posting secret. The alerting use is optional and purpose-aligned, but it is not declared in metadata and the instructions suggest persisting it in a startup script.
export DISCORD_WEBHOOK_URL="https://discord.com/api/webhooks/..." ... Or add to `start-gateway.sh` as a persistent export.
Use a dedicated low-privilege webhook, store it carefully, avoid logging it, and rotate it if it may have been exposed.