ClawHub

Gateway Guardian

Three-layer protection for the OpenClaw gateway: real-time config monitoring with auto-rollback, systemd crash recovery, and tiered notifications via Feishu/...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 212 · 0 current installs · 1 all-time installs
by@Dios-Man
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the actual files and runtime requirements. Declared binaries (inotifywait, nc, python3, journalctl, systemctl, openclaw) are appropriate for file-watching, validation, notifications and systemd interaction. The shell scripts implement the described features (config validation, backups, rollback, OnFailure recovery, notifications).
Instruction Scope
SKILL.md instructs the agent to read/write OpenClaw config files, create timestamped backups, register systemd user services, and add an ExecStopPost drop-in for the openclaw-gateway service — all within the stated purpose. It also invokes 'openclaw sessions' and 'openclaw message send' to detect and DM the user. No unrelated files, unrelated credentials, or broad system scanning are requested, but the instructions do modify a separate service's unit (openclaw-gateway), which increases impact and should be an explicit user consent point.
Install Mechanism
There is no registry-managed installer; SKILL.md downloads scripts from raw.githubusercontent.com (a well-known host) unless the files already exist. Downloading and making remote scripts executable is common but carries supply-chain risk — if the raw URL is untrusted or changed, arbitrary code could be installed. The skill package in the registry already contains the scripts, which mitigates but does not eliminate the risk if the SKILL.md is followed to re-fetch from GitHub.
Credentials
The skill declares no required environment variables or credentials and the runtime code does not ask for API keys or other secrets. It uses OpenClaw CLI to find sessions and send messages (expected for notifications). Files and paths accessed are all related to OpenClaw (~/.openclaw/, systemd user config, /tmp locks/logs).
Persistence & Privilege
The skill installs persistent user-level systemd services and a systemd drop-in for the openclaw-gateway user unit (adding OnFailure and ExecStopPost hooks). This is functionally required for crash recovery and pre-stop notifications, but it grants the skill the ability to run its scripts automatically on gateway events — a normal design for this use case, yet with a non-trivial blast radius if the scripts were malicious or later replaced. The skill is not marked always:true and does not request elevated system-level (root) daemons.
Assessment
What to consider before installing: - This will create systemd user services and add a systemd drop-in to the openclaw-gateway user unit (ExecStopPost/OnFailure). That allows the guardian scripts to run automatically when the gateway stops or crashes — intended, but make sure you consent to modifying your gateway service. - SKILL.md fetches scripts from https://raw.githubusercontent.com/Dios-Man/gateway-guardian/main by default. Although GitHub raw is a common source, fetching and executing remote scripts carries supply-chain risk. Prefer installing from the registry-provided files or verify the repository contents and commit hash before allowing a fetch. - The skill does not ask for API keys or other secrets. It uses the OpenClaw CLI to detect the active session and to send messages (notifications will be sent via your configured OpenClaw credentials). Confirm that 'openclaw message send' behavior is acceptable in your environment. - Review the included scripts (config-lib.sh, config-watcher.sh, gateway-recovery.sh, pre-stop.sh) yourself (they are present in the package) or ask the agent to show them before installation. Key things to check: the GitHub URL, the hardcoded gateway port (18789), log/backup paths, and that no unexpected network endpoints or credential uploads exist. - If unsure, perform a manual install on a staging host or run the steps interactively rather than allowing the agent to execute them autonomously. Keep backups of your existing openclaw.json (SKILL.md already does a preinstall backup) and be prepared to revert the systemd unit changes (uninstall steps are provided).

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.5.1
Download zip
latestvk97axe6v61hntgeep9795hfyq582zdb8

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsinotifywait, nc, python3, journalctl, systemctl, openclaw

SKILL.md

Gateway Guardian — Skill Instructions

Triggers

Activate this skill when the user:

  • Shares https://github.com/Dios-Man/gateway-guardian and asks to install it
  • Says "install gateway-guardian", "帮我安装", "install this skill", or similar
  • Says "gateway-guardian status", "guardian status", "guardian 运行正常吗", or similar
  • Says "uninstall gateway-guardian", "卸载 gateway-guardian", or similar

Installation (AI-executed)

Pre-flight checks

  1. Confirm the system is Linux with systemd --user available: 
    systemctl --user status 2>&1 | head -3
  2. Check and install inotify-tools if missing: 
    if ! which inotifywait > /dev/null 2>&1; then
    sudo apt-get install -y inotify-tools
fi
  3. Confirm OpenClaw is installed and the gateway is running.

Determine notification fallback

Read from the current inbound message metadata:

  • channel: messaging platform (feishu / telegram / discord / etc.)
  • chat_type: conversation type (direct / group)
  • sender_id

Set FALLBACK_TARGET (used when dynamic session detection fails):

  • Feishu: user:{sender_id} — always send a DM, even if installed from a group
  • Telegram: use chat_id for DMs; for groups, ask the user for their personal numeric Telegram ID
  • Discord: ask the user for their DM channel ID

Determine notification language (LOCALE)

Detect the language the user is communicating in during this conversation:

  • User is writing in Chinese → LOCALE=zh
  • User is writing in English → LOCALE=en
  • Language is unclear or mixed → ask the user: "Should notifications be sent in Chinese or English?"

Installation steps

Step 1 — Back up current config

TIMESTAMP_DIR="$HOME/.openclaw/config-backups"
mkdir -p "$TIMESTAMP_DIR"
cp "$HOME/.openclaw/openclaw.json" \
   "$TIMESTAMP_DIR/openclaw.json.$(date +%Y%m%d-%H%M%S).preinstall"
echo "Backup created: $(ls -t $TIMESTAMP_DIR | head -1)"

Step 2 — Download skill files

SKILL_DIR="$HOME/.openclaw/workspace/skills/gateway-guardian"
mkdir -p "$SKILL_DIR"
BASE_URL="https://raw.githubusercontent.com/Dios-Man/gateway-guardian/main"
for f in config-lib.sh config-watcher.sh gateway-recovery.sh pre-stop.sh; do
    # Skip if file already present (e.g. installed via clawhub install)
    [ -f "$SKILL_DIR/$f" ] && continue
    curl -fsSL "$BASE_URL/$f" -o "$SKILL_DIR/$f"
done

Step 3 — Write guardian.conf

SKILL_DIR="$HOME/.openclaw/workspace/skills/gateway-guardian"
cat > "$SKILL_DIR/guardian.conf" << EOF
FALLBACK_CHANNEL={detected channel}
FALLBACK_TARGET={determined fallback target}
LOCALE={zh or en}
EOF

Step 4 — Set execute permissions

SKILL_DIR="$HOME/.openclaw/workspace/skills/gateway-guardian"
chmod +x "$SKILL_DIR/config-watcher.sh"
chmod +x "$SKILL_DIR/gateway-recovery.sh"
chmod +x "$SKILL_DIR/pre-stop.sh"

Step 5 — Register config-watcher service

SKILL_DIR="$HOME/.openclaw/workspace/skills/gateway-guardian"
cat > ~/.config/systemd/user/openclaw-config-watcher.service << EOF
[Unit]
Description=OpenClaw Gateway Guardian - File Watcher
After=openclaw-gateway.service

[Service]
Type=simple
ExecStart=/bin/bash $SKILL_DIR/config-watcher.sh
Restart=always
RestartSec=3

[Install]
WantedBy=default.target
EOF

Step 6 — Register gateway-recovery service

SKILL_DIR="$HOME/.openclaw/workspace/skills/gateway-guardian"
cat > ~/.config/systemd/user/openclaw-recovery.service << EOF
[Unit]
Description=OpenClaw Gateway Guardian - Crash Recovery
After=network.target

[Service]
Type=oneshot
ExecStart=/bin/bash $SKILL_DIR/gateway-recovery.sh
EOF

Step 7 — Register OnFailure drop-in and ExecStopPost hook

SKILL_DIR="$HOME/.openclaw/workspace/skills/gateway-guardian"
mkdir -p ~/.config/systemd/user/openclaw-gateway.service.d/
cat > ~/.config/systemd/user/openclaw-gateway.service.d/recovery.conf << EOF
[Unit]
OnFailure=openclaw-recovery.service

[Service]
StartLimitBurst=3
StartLimitIntervalSec=60
ExecStopPost=/bin/bash $SKILL_DIR/pre-stop.sh
EOF

Step 8 — Start services

systemctl --user daemon-reload
systemctl --user enable openclaw-config-watcher.service
systemctl --user start openclaw-config-watcher.service

Step 9 — Verify installation

systemctl --user is-active openclaw-config-watcher.service
cat ~/.config/systemd/user/openclaw-gateway.service.d/recovery.conf
tail -5 /tmp/config-watcher.log

Step 10 — Report result to user

Reply with a summary in the user's language (match LOCALE):

Gateway Guardian installed

🔔 Notification channel: {channel} (fallback target: {FALLBACK_TARGET}) 🌐 Notification language: {zh | en} 📋 Service status: {Active line from systemctl output} 📝 Log: /tmp/config-watcher.log

To uninstall, tell me: "uninstall gateway-guardian" / "卸载 gateway-guardian"

Status Check (AI-executed)

When the user asks for status:

systemctl --user status openclaw-config-watcher.service
tail -10 /tmp/config-watcher.log
ls -lt ~/.openclaw/config-backups/ | head -5

Report: service active/inactive, recent log lines, number of config backups on hand.

Uninstall (AI-executed)

When the user asks to uninstall:

systemctl --user stop openclaw-config-watcher.service
systemctl --user disable openclaw-config-watcher.service
rm -f ~/.config/systemd/user/openclaw-config-watcher.service
rm -f ~/.config/systemd/user/openclaw-recovery.service
rm -f ~/.config/systemd/user/openclaw-gateway.service.d/recovery.conf
systemctl --user daemon-reload
systemctl --user reset-failed openclaw-gateway.service 2>/dev/null

Ask the user whether to also delete config backups:

# Only run if user confirms
rm -rf ~/.openclaw/config-backups/

Confirm removal is complete.

Notes

  • This skill must be installed via an OpenClaw AI agent — no manual install script is provided.
  • Installation requires an active message context (in-conversation metadata is used for notification setup).
  • guardian.conf contains private notification config and is never uploaded to GitHub.
  • Config backups in ~/.openclaw/config-backups/ are retained across uninstalls unless the user explicitly requests deletion.
  • Notifications use dynamic session detection at runtime; guardian.conf is only a fallback.

Files

8 total
Select a file
Select a file to preview.

Comments

Loading comments…