Back to skill

Security audit

Gateway Monitor Auto Restart

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-built for keeping an OpenClaw gateway running, but it installs an unattended recurring job that can kill and restart local gateway processes without enough user control.

Install only if you intentionally want an unattended watchdog for your OpenClaw gateway. Review the cron entry and gateway_monitor.sh first, be prepared to remove the crontab line manually, and avoid shared or production machines unless automatic restarts and broad process termination are acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue AgentSelf-Modification, Session Persistence
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • YARA SignaturesMalware Match, Webshell Match, Cryptominer Match
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The README prominently advertises automatic restarting of the gateway but does not clearly warn users that this action is service-affecting and may interrupt active sessions or workflows. In an infrastructure/agent skill context, unattended restarts can create availability and state-loss risks if users install the skill without understanding the operational impact.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill description states that it will automatically install a cron job and restart a gateway service, but it does not present an explicit user warning or require clear consent for these persistent and potentially disruptive actions. This is dangerous because scheduled persistence and autonomous service restarts can alter system behavior, create availability issues, and surprise users who may not expect background changes from installing a skill.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script can terminate processes matching a broad pattern without interactive confirmation or other safety controls. In an agent skill context, silent process killing is risky because it can disrupt service availability, interfere with unrelated processes if matching is too broad, and execute without the user's clear awareness.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script performs restart, install, and start service-management actions automatically and without explicit user-facing disclosure or consent at execution time. In a skill setting, this is dangerous because it changes system state, may reinstall components, and can persist or reconfigure a service unexpectedly, expanding the blast radius beyond simple monitoring.

Session Persistence

Medium
Category
Rogue Agent
Content
mkdir -p "$HOME/.openclaw/logs"

# Add cron job for 3-hour checks
(crontab -l 2>/dev/null | grep -v "gateway_monitor.sh"; echo "0 */3 * * * cd $(pwd) && ./gateway_monitor.sh >> $HOME/.openclaw/logs/cron_monitor.log 2>&1") | crontab -

echo "Gateway Monitor Auto-Restart Skill has been installed!"
echo "The monitoring script will run every 3 hours to check and restart the gateway if needed."
Confidence
96% confidence
Finding
crontab -l

Session Persistence

Medium
Category
Rogue Agent
Content
# Create logs directory if it doesn't exist
mkdir -p "$HOME/.openclaw/logs"

# Add cron job for 3-hour checks
(crontab -l 2>/dev/null | grep -v "gateway_monitor.sh"; echo "0 */3 * * * cd $(pwd) && ./gateway_monitor.sh >> $HOME/.openclaw/logs/cron_monitor.log 2>&1") | crontab -

echo "Gateway Monitor Auto-Restart Skill has been installed!"
Confidence
89% confidence
Finding
Add cron job for

YARA rule 'backdoor_persistence': Backdoor persistence with malicious payloads (shell commands, SSH key injection, hidden root users) [malware]

High
Category
YARA Match
Content
mkdir -p "$HOME/.openclaw/logs"

# Add cron job for 3-hour checks
(crontab -l 2>/dev/null | grep -v "gateway_monitor.sh"; echo "0 */3 * * * cd $(pwd) && ./gateway_monitor.sh >> $HOME/.openclaw/logs/cron_monitor.log 2>&1") | crontab -

echo "Gateway Monitor Auto-Restart Skill has been installed!"
echo "The monitoring script will run every 3 hours to check and restart the gateway if needed."
Confidence
84% confidence
Finding
crontab -l 2>/dev/null | grep -v "gateway_monitor.sh"; echo "0 */3 * * * cd $(pwd) && ./gateway_monitor.sh >> $HOME/.openc

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.