Gateway Self-Heal Watchdog

Security checks across malware telemetry and agentic risk

Overview

This skill installs a disclosed local watchdog that can restart OpenClaw and roll back its config, so it is high-impact but coherent with its stated purpose.

Install only if you want an always-on local watchdog that can restart the OpenClaw gateway and replace ~/.openclaw/openclaw.json from backup. Review the script first, keep an independent config backup, check your crontab or launchd/systemd entry after setup, and avoid the root systemd example unless that privilege is truly required.

SkillSpector

By NVIDIA

Vulnerability Patterns

Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Rogue AgentSelf-Modification, Session Persistence
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection

Findings (9)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 89% confidence
Finding: The skill clearly instructs the user to run shell commands and install scripts, yet it declares no permissions or equivalent warning about shell execution capability. This creates a transparency and consent problem because users may invoke a skill that can modify local files, install persistence, and alter system behavior without an explicit capability declaration.

Intent-Code Divergence

Medium

Confidence: 98% confidence
Finding: The container startup command is intended to restore the live configuration from a backup, but it copies the backup file onto itself instead. In a self-healing/watchdog skill, this defeats the advertised rollback mechanism, so a bad or corrupted active config will persist and the gateway may repeatedly fail to start or recover, creating a reliability and availability issue.

Vague Triggers

Medium

Confidence: 83% confidence
Finding: The description contains broad trigger phrases such as 'gateway down' and 'config recovery,' which can match common troubleshooting requests and cause the skill to activate in situations where the user did not intend persistent automation to be installed. In this context, over-broad routing is risky because the skill's documented behavior includes cron persistence, script installation, and configuration rollback.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The setup section says to run an installation script but does not clearly warn that it creates a watchdog script, registers a cron job every minute, and changes persistent system scheduling. Omitting that warning undermines informed consent and increases the chance a user will install long-lived automation with rollback behavior they did not fully understand.

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The document instructs users to install and enable a root-run systemd watchdog that executes every minute, but it provides no warning about the privilege level, persistence, or the risk of repeatedly running a script from /root. In a security-sensitive gateway context, this increases the chance of unsafe deployment, accidental persistence, or privileged misuse if the referenced script is modified or compromised.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The script performs impactful state changes without confirmation: it overwrites backups, creates and executes a new watchdog script, and rewrites the user's crontab. Even if intended for resilience, these actions can unexpectedly alter system behavior, remove existing watchdog-related cron lines via broad grep matching, and make rollback difficult if the user did not explicitly approve installation.

Session Persistence

Medium

Category: Rogue Agent
Content: ``` This will: - Create the watchdog script at `~/.openclaw/watchdog.sh` - Register it as a cron job (every minute) - Take an initial config backup
Confidence: 97% confidence
Finding: Create the watchdog script at `~/.openclaw/watchdog.sh` - Register it as a cron job (every minute) - Take an initial config backup ## Manual Commands ```bash # Check watchdog status bash scripts/wat

Session Persistence

Medium

Category: Rogue Agent
Content: # Replace USERNAME in the plist first sed -i '' "s/USERNAME/$(whoami)/g" ~/Library/LaunchAgents/ai.openclaw.watchdog.plist launchctl load ~/Library/LaunchAgents/ai.openclaw.watchdog.plist ```
Confidence: 78% confidence
Finding: launchctl load

Session Persistence

Medium

Category: Rogue Agent
Content: # Replace USERNAME in the plist first sed -i '' "s/USERNAME/$(whoami)/g" ~/Library/LaunchAgents/ai.openclaw.watchdog.plist launchctl load ~/Library/LaunchAgents/ai.openclaw.watchdog.plist ```
Confidence: 78% confidence
Finding: plist

VirusTotal

53/53 vendors flagged this skill as clean.

View on VirusTotal