ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

OpenClaw Gateway Manager

v1.0.2

Unified multi-cloud management tool for detecting, configuring, restarting, verifying, creating, and safely deleting all OpenClaw gateway instances on macOS.

0· 111·0 current·0 all-time
by@seastaradmin
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The scripts and SKILL.md implement discovery, port management, creation, restart, verification and safe deletion of OpenClaw instances — this matches the stated gateway-manager purpose. However clawhub.json and some README text advertise cross-platform support (macOS/Linux/Windows) while the SKILL.md, check-dependencies.sh and many scripts are macOS-centric (LaunchAgent, plutil, launchctl) and even warn when not running on darwin. This is an internal inconsistency (overstated cross-platform claim) but explains by design: the tool is primarily macOS-focused.
Instruction Scope
SKILL.md instructs the agent to run the provided shell scripts. The scripts read and write configuration under $HOME, inspect ports/processes, create user LaunchAgent plists, invoke openclaw via node, and use rm -rf for deletions. All of these actions are within the declared purpose (service management, create/delete, restart, port changes). Destructive operations are documented and guarded by a three-step confirmation and an automatic backup step, which mitigates but does not eliminate risk — users should still review before running deletion on production data.
Install Mechanism
This is an instruction-only skill (no install spec); the repository content is scripts and documentation. No remote downloads or archive extraction are specified by the skill metadata, so there is low installation mechanism risk. The install guidance (git clone from a GitHub URL) is normal but note the 'Source: unknown / Homepage: none' in the registry metadata — the README mentions a GitHub repo; the user should verify the repository identity before cloning.
Credentials
The skill does not request secrets or external credentials and declares no required environment variables. Scripts access standard environment values (HOME, USERPROFILE, APPDATA) and require node, jq and openclaw binaries — these are proportional to launching and managing OpenClaw gateways. One subtle point: the LaunchAgent plist passes process.env into the node child process; any sensitive env vars present in the user's environment would be inherited by the launched openclaw process (this is expected but worth noting).
Persistence & Privilege
The scripts create and load user-level LaunchAgents under ~/Library/LaunchAgents and run node/openclaw persistently via launchd. This grants persistent execution under the user's account (no sudo). That behavior is coherent with a gateway manager that needs auto-start. However persistence increases the potential blast radius if the code or the openclaw binary were compromised — combine this with the fact the agent can invoke the skill autonomously (default) and you should be cautious about allowing unreviewed autonomous runs that create user services.
Assessment
What to consider before installing or letting the agent run this skill: - Confirm source: the registry metadata shows no homepage and 'Source: unknown' while documentation references a GitHub repo. Verify the repository and author (https://github.com/seastaradmin/openclaw-gateway-manager) before cloning or executing scripts. - Review scripts first: the skill is instruction-only but includes many shell scripts that will read/write $HOME, create LaunchAgents and use rm -rf for deletes. Inspect gateway-delete.sh, gateway-create.sh and the plist template in gateway-create.sh to ensure they do what you expect. - Backup important data: even with triple-confirmation and automatic backups, deletion uses rm -rf. Make manual backups before testing on production instances. - Test in a safe environment: run check-dependencies.sh and exercise create/delete operations in a local or isolated test account before use on primary systems. - Verify openclaw and node binaries: the LaunchAgent runs node to exec openclaw. Ensure the 'openclaw' binary/package you have is trustworthy; otherwise the launched process could contact external services. - Check cross-platform claims: although metadata claims multi-platform support, the scripts are primarily macOS-focused. Don't expect full Linux/Windows parity without manual review/adjustment. - Consider manual activation: instead of granting autonomous agent invocation that could create persistent LaunchAgents, run the scripts yourself the first time or require explicit user confirmation before performing operations that install services or delete data. If you want, I can summarize the exact lines in the scripts that create or delete files and the LaunchAgent plist so you can inspect them quickly.
scripts/gateway-create.sh:87
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

cross-platformvk9784qx16cmthkgwa531khd3f183cvqfgatewayvk9784qx16cmthkgwa531khd3f183cvqfjvs-clawvk9784qx16cmthkgwa531khd3f183cvqflatestvk9784qx16cmthkgwa531khd3f183cvqflinuxvk9784qx16cmthkgwa531khd3f183cvqfmacosvk9784qx16cmthkgwa531khd3f183cvqfmulti-cloudvk9784qx16cmthkgwa531khd3f183cvqfopenclawvk9784qx16cmthkgwa531khd3f183cvqfport-managervk9784qx16cmthkgwa531khd3f183cvqfqclawvk9784qx16cmthkgwa531khd3f183cvqfwindowsvk9784qx16cmthkgwa531khd3f183cvqf

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments