ClawHub

Gateway Auto-Fix

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it installs a persistent one-minute auto-repair job that can repeatedly change OpenClaw configuration and restart the gateway without further approval.

Install only if you explicitly want unattended OpenClaw gateway repair. Before enabling it, review the script, consider using a longer interval or adding cooldown and retry limits, and make sure you know how to remove it with `openclaw cron rm gateway-auto-fix` and deletion of `~/.openclaw-it/workspace/openclaw-auto-fix.sh`.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue AgentSelf-Modification, Session Persistence
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill clearly instructs users to install and run shell commands, create a script, and register a recurring cron task, yet no permissions or safety boundaries are declared. This increases the chance that users or automation will execute privileged or persistent actions without understanding the skill's capabilities.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The description markets the skill as 'just install and it works' but does not clearly warn that installation creates a persistent every-minute cron job and will autonomously run repair and restart actions. This omission can mislead users into granting ongoing execution and service-impacting behavior without informed consent.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The installer silently drops a new executable script into the user's workspace and registers it to run every minute via OpenClaw cron, with no confirmation, dry-run, permission check, or rollback path. That creates persistent automated remediation behavior that can repeatedly execute privileged or disruptive commands (`openclaw doctor --fix` and `openclaw gateway restart`) based on fragile string matching, increasing the risk of unintended system changes, denial of service, or abuse if the script or workspace is modified later.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
1. Checks `openclaw gateway status` every minute
2. Detects "RPC probe: failed" in the output
3. Automatically runs:
   - `openclaw doctor --fix` to fix config issues
   - `openclaw gateway restart` to restart the gateway
4. Logs all actions to `/tmp/openclaw-auto-fix.log`
Confidence
93% confidence
Finding
Automatically run

Session Persistence

Medium
Category
Rogue Agent
Content
That's it! The skill will:
- ✅ Add OpenClaw cron job (every 1 minute)
- ✅ Create the script
- ✅ Start monitoring

## Manual Install (If ClawHub Not Available)
Confidence
96% confidence
Finding
Create the script - ✅ Start monitoring ## Manual Install (If ClawHub Not Available) ```bash # 1. Copy the script to workspace mkdir -p ~/.openclaw-it/workspace cp /path/to/gateway-auto-fix/openclaw-

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal