ClawHub

Gateway Keeper

v2.0.0

OS-level watchdog that monitors OpenClaw gateway health and auto-restarts on crash. After restart, triggers session recovery so interrupted work resumes auto...

0· 426·2 current·2 all-time
by@russellfei
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The scripts implement a gateway health check, auto-restart, and a recovery-file mechanism consistent with the declared purpose. However, the package metadata declares no required binaries while the check script calls the 'openclaw' CLI; that binary is essential for the skill to function but is not declared. This mismatch reduces transparency and could cause failures or unexpected behavior.
!
Instruction Scope
SKILL.md instructs installing both Windows (PowerShell) and systemd-based setups, but the repository only includes POSIX shell scripts (install.sh, check-gateway.sh, uninstall.sh). The instructions reference a POWERHELL/PS1 install flow and check-gateway.ps1 which are not present. The scripts also read and write files under OPENCLAW_WORKSPACE (logs, HEARTBEAT.md) and modify the user's crontab — actions that are within the stated watchdog scope but were not fully documented in metadata (the OPENCLAW_WORKSPACE env var is used but not declared).
Install Mechanism
There is no external download/install step — installation is performed by local install scripts that make the cron entry and append to HEARTBEAT.md. No remote code fetches or archive extraction are present in the provided files, which is lower risk. Still, running install scripts modifies the user's crontab and workspace files, so they should be inspected before running.
Credentials
The skill requests no credentials and doesn't exfiltrate data. But it implicitly requires the 'openclaw' CLI and optionally respects OPENCLAW_WORKSPACE; neither requirement is listed in the metadata. The scripts create logs and a recovery JSON file in the workspace which could contain timestamps and status output; this is reasonable for a watchdog but should be understood by the installer.
Persistence & Privilege
The skill does not request always: true and does not modify other skills. It persists by installing a user cron job and appending instructions to HEARTBEAT.md — expected for a watchdog. This gives it autonomous periodic execution (cron), which is appropriate but worth noting.
What to consider before installing
Before installing: (1) Inspect scripts yourself — check-gateway.sh calls the 'openclaw' CLI which must exist and be trusted; metadata does not declare this dependency. (2) Note SKILL.md mentions Windows/PowerShell and systemd support, but only POSIX shell scripts are included — Windows users are missing the promised .ps1 files. (3) The installer will add a cron job and append to HEARTBEAT.md (if present) and will write logs and logs/gateway-recovery.json in your OpenClaw workspace; back up HEARTBEAT.md and your crontab if needed. (4) If you run install.sh, run it as the intended user (it modifies that user's crontab and files). (5) If you want to proceed, test in a non-production environment first and ensure the 'openclaw' CLI path and behavior are what the script expects. The inconsistencies are likely sloppy packaging, not malicious intent, but they should be resolved before trusting the skill in production.

Like a lobster shell, security has layers — review code before you run it.

latestvk978jkxx1v09hkfv0s9q5s7w5182bwty
426downloads
0stars
2versions
Updated 1mo ago
v2.0.0
MIT-0
@russellfei
latest
Download

Gateway Keeper

OS-level watchdog for OpenClaw gateway. Runs outside the gateway process so it survives crashes.

How It Works

  1. Health check — Runs openclaw gateway status every 15 minutes
  2. Auto-restart — If gateway is down, runs openclaw gateway start
  3. Recovery signal — Writes logs/gateway-recovery.json with crash timestamp
  4. Session recovery — HEARTBEAT.md template detects recovery file, prompts agent to check incomplete work

Quick Setup

Install

Run the appropriate install script for your OS:

Windows (PowerShell as Admin):

powershell -ExecutionPolicy Bypass -File "<skill-dir>/scripts/install.ps1"

Linux/macOS:

bash "<skill-dir>/scripts/install.sh"

Uninstall

Windows:

powershell -ExecutionPolicy Bypass -File "<skill-dir>/scripts/uninstall.ps1"

Linux/macOS:

bash "<skill-dir>/scripts/uninstall.sh"

Recovery Protocol

After gateway restart, the agent should check logs/gateway-recovery.json:

{
  "crashed_at": "2026-02-26T00:00:00Z",
  "restarted_at": "2026-02-26T00:15:00Z",
  "restarted_by": "gateway-keeper"
}

Add to HEARTBEAT.md (done automatically by install script):

## Gateway Crash Recovery
If `logs/gateway-recovery.json` exists:
1. Read crash timestamp
2. List all active sessions/sub-agents
3. Check each for incomplete work
4. Resume or retry as needed
5. Delete the recovery file when done

Files

FilePurpose
scripts/check-gateway.ps1Windows health check + restart
scripts/check-gateway.shLinux/macOS health check + restart
scripts/install.ps1Windows Task Scheduler setup
scripts/install.shLinux/macOS cron/systemd setup
scripts/uninstall.ps1Windows cleanup
scripts/uninstall.shLinux/macOS cleanup

Customization

Edit check interval by modifying the scheduled task/cron entry. Default: 15 minutes.

To change recovery behavior, edit the HEARTBEAT.md recovery section.

Comments

Loading comments...