Security audit

Guardian — OpenClaw 7x24 Watchdog & Auto-Healer

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed watchdog, but it creates persistent automation that can restart OpenClaw and has implementation mismatches users should review first.

Install only if you intentionally want a persistent OpenClaw watchdog that may restart the gateway automatically. Before enabling the cron job, review the script, fix or accept the broad Windows memory check, confirm the actual log path, and make sure you know how to disable or remove the scheduled job.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (4)

Description-Behavior Mismatch

Medium

Confidence: 88% confidence
Finding: The skill advertises zombie-session monitoring and automatic killing, but the watchdog flow never actually invokes session-health checks or any remediation for stuck sessions. This mismatch can create a false sense of protection, allowing stale or hung sessions to persist and potentially consume resources or evade expected operational safeguards.

Intent-Code Divergence

Medium

Confidence: 91% confidence
Finding: The module documentation specifically claims zombie sessions are auto-healed, but the code neither detects zombies in a meaningful way nor kills them anywhere in the main control flow. In a watchdog/auto-healer context, this is dangerous because operators may assume unhealthy sessions are being contained automatically when they are not.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The overview promotes zero-intervention monitoring and auto-healing but does not prominently warn that the skill performs ongoing automated checks and can restart the gateway without further confirmation. System-modifying automation on a recurring schedule increases operational risk because users may enable persistent behavior without understanding its effect on availability or debugging state.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The Quick Start provides direct instructions to copy files and create a recurring cron-based agentTurn job, but it lacks a clear safety notice about persistence, continued background actions, and automatic restart of system components. Because the steps are turnkey and framed as 'one go,' users may enable long-lived automation without appreciating that it will continue acting on the system until disabled.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal