OpenClaw Gateway Manager
Security checks across malware telemetry and agentic risk
Overview
The skill mostly matches its gateway-management purpose, but its instance-creation script writes unvalidated user inputs into an auto-starting service that runs code persistently.
Install only if you intend to manage local OpenClaw gateways and are comfortable with user-level auto-start services. Use simple alphanumeric instance names and numeric ports, inspect generated LaunchAgent plists before loading them, back up important OpenClaw data, and manually clean old backups if they contain sensitive information.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A crafted or mistaken instance name or port could cause commands other than the intended OpenClaw gateway start command to run under your macOS user account, and the LaunchAgent may run them persistently.
The script takes user-supplied arguments and places them directly into JavaScript code that is written to a LaunchAgent; no numeric port or safe instance-name validation is shown.
INSTANCE_NAME="$1"; PORT="$2" ... <string>require('child_process').execSync('openclaw gateway --port $PORT', {cwd: '$CONFIG_DIR', stdio: 'inherit', env: {...process.env, OPENCLAW_HOME: '$CONFIG_DIR'}})</string>
Validate instance names and require numeric ports before generating files; avoid Node -e/execSync for this and use a fixed ProgramArguments array with validated arguments. Review the generated plist before loading it.
A created gateway can continue running and restart automatically after login or failure until the LaunchAgent is removed.
Creating a gateway installs and immediately loads a user-level LaunchAgent configured to auto-start and keep the process alive.
<key>RunAtLoad</key> <true/> ... <key>KeepAlive</key> <true/> ... launchctl load "$PLIST_FILE"
Only create instances when you want persistent local service behavior, and inspect or remove the plist in ~/Library/LaunchAgents if you no longer need it.
If confirmed, the script can remove OpenClaw configuration, sessions, memory files, and the related LaunchAgent for the selected instance.
The delete script performs a destructive recursive deletion of an OpenClaw instance directory, but it is disclosed and gated by three interactive confirmations.
read confirm1 ... read confirm2 ... read confirm3 ... rm -rf "$CONFIG_DIR"
Check the printed CONFIG_DIR carefully before confirming deletion, and keep a separate backup of important gateway data.
Data you thought was deleted may still exist in the backup directory until you manually remove it.
Before deleting an instance, the script copies the full configuration directory to a local backup location, which may include session history or memory files.
BACKUP_DIR="$HOME/.openclaw-deleted-backups/$INSTANCE-$(date +%Y%m%d%H%M%S)" ... cp -r "$CONFIG_DIR" "$BACKUP_DIR/"
Review and delete old backups in ~/.openclaw-deleted-backups if they contain sensitive configuration, sessions, or memory data.
A future clone could install code different from the reviewed artifact set.
The documented install path clones a moving GitHub repository without pinning a commit or release.
git clone https://github.com/seastaradmin/openclaw-gateway-manager.git ~/.jvs/.openclaw/skills/gateway-manager
Prefer the reviewed ClawHub package or pin the repository to a specific trusted commit before installing.
Users may over-trust the skill because it self-describes as reviewed, despite the included high-impact scripts.
The package contains its own security-reviewed claim; this should be treated as publisher-provided context rather than independent approval.
"security": { "reviewed": true, "response": "SECURITY_RESPONSE.md" }
Rely on the marketplace review result and your own inspection, not only on the package's self-attestation.
