优雅重启 Gateway。解决重启后丢失会话上下文的问题，重启前设置一次性 cron 任务，重启后自动发送消息到主会话恢复任务。默认 10 秒后唤醒。触发词：重启、restart

Security checks across malware telemetry and agentic risk

Overview

The skill appears to do its advertised restart-and-resume job, but its broad auto-trigger can restart Gateway from an ambiguous request.

Install only if you want an agent to be able to restart OpenClaw Gateway and schedule a one-time resume message. Use explicit commands such as "restart Gateway" or "重启 Gateway", and require confirmation before running it on vague restart requests.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (5)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger phrase includes the single word "重启", which is overly broad and can match ordinary user requests unrelated to restarting the Gateway. In this skill, activation leads to a privileged operational action (scheduling a cron wakeup and restarting the Gateway), so accidental invocation could disrupt service or restart the wrong component.

Vague Triggers

Medium

Confidence: 85% confidence
Finding: The activation condition says to auto-trigger whenever the user asks to restart Gateway, but it does not define scope, authorization, or safety checks. Because the skill performs a disruptive administrative operation, ambiguous activation increases the risk of unintended restarts and denial of service in normal conversation.

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The usage guidance states that the skill auto-executes when the user says "重启", again using an imprecise trigger for a high-impact action. In context, this is more dangerous because the skill is specifically designed to restart infrastructure and inject a post-restart message into the main session, magnifying the consequences of a false activation.

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The description says the skill performs a graceful restart and self-wakeup, but it does not clearly constrain when it should be invoked or what preconditions must be met. Because the skill has sensitive permissions (gateway-restart and cron), vague invocation guidance increases the chance that an agent triggers a disruptive restart in the wrong context, causing availability issues or unintended scheduled actions.

Natural-Language Policy Violations

Low

Confidence: 75% confidence
Finding: The metadata description is written only in Chinese, which can bias routing toward a specific language without confirming the user's preference. This is primarily a usability and policy-compliance issue, but in a restart-capable skill it can also contribute to misunderstandings about what the skill does and when it should run.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal