Skill v0.1.0
ClawScan security
Config Guard · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 21, 2026, 2:51 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill does what it claims — a small watchdog script that checks Gateway health and restores a timestamped backup — and its files and instructions are coherent with that purpose.
- Guidance
- This skill is small and coherent, but inspect and run it carefully:
  1) Ensure you trust the openclaw CLI on your PATH — the script calls it with status and restart commands.
  2) Check ownership/permissions of ~/.openclaw and ~/.openclaw/backups: if those dirs are writable or symlinked by an untrusted user, cp/ls operations could be abused (symlink/TOCTOU).
  3) Logs are written to /tmp/openclaw-watchdog.log, which is world-writeable by default on some systems; consider changing the log path or securing /tmp to avoid information disclosure or symlink attacks.
  4) Backups and failed-config copies may contain sensitive credentials — secure backup storage and access.
  5) Run the script manually in a safe environment first to confirm behavior; you may want to add stricter checks (atomic file replacement, secure temporary files, explicit permission checks) before using it in production.
Review Dimensions
- Purpose & Capability
- ok · The name/description promise (on-demand 10s rollback protection for openclaw.json/Gateway) matches the included runtime instructions and bin/watchdog.sh: it probes gateway status, finds the latest ~/.openclaw/backups/openclaw-*.json, copies it into place, and restarts the gateway via the openclaw CLI.
- Instruction Scope
- note · SKILL.md only instructs running ./bin/watchdog.sh, and the script's behavior stays within that scope. However, the script reads/writes $HOME/.openclaw/openclaw.json and ~/.openclaw/backups/, copies files, and writes logs to /tmp/openclaw-watchdog.log — these operations touch potentially sensitive configuration and produce files that may contain secrets. The script also assumes the presence and integrity of the openclaw CLI.
- Install Mechanism
- ok · No install spec or external downloads; this is an instruction-only skill with a small bundled shell script. Nothing is fetched from remote hosts and no archives are extracted.
- Credentials
- note · The skill declares no credentials or special env vars, which is consistent. It does use $HOME and standard filesystem paths (~/.openclaw and /tmp). Because it copies configs and creates backups/logs, users should recognize it will handle files that may contain sensitive tokens; that access is proportionate to the stated purpose but still sensitive.
- Persistence & Privilege
- ok · The skill's always flag is false and the skill is user-invocable only. It does not request permanent agent presence or modify other skills/config; it runs only when the user invokes the script.
