ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Gateway Recovery

v1.0.0

Automatically notifies when the gateway restarts by detecting a recovery flag and sending an "I'm back!" message during heartbeat checks.

0· 94·0 current·0 all-time
by@kazuninishiki

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for kazuninishiki/gateway-recovery.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Gateway Recovery" (kazuninishiki/gateway-recovery) from ClawHub.
Skill page: https://clawhub.ai/kazuninishiki/gateway-recovery
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install gateway-recovery

ClawHub CLI

Package manager switcher

npx clawhub@latest install gateway-recovery
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The declared purpose (notify when a gateway restarts) is reasonable and matches the minimal actions described (create/check/clear a flag file). However the SKILL.md also references a LaunchAgent startup hook (ai.openclaw.gateway-startup-hook.plist) and a specific log path (/Users/kazuni/.openclaw/...), yet the package contains no install instructions or code to create that LaunchAgent. That mismatch (claims of automatic startup wiring without any install mechanism) is incoherent.
!
Instruction Scope
The instructions tell the agent to create and read ~/.openclaw/recovery_flag and to send a notification on detection. They also reference a user-specific log path and a LaunchAgent name. Missing are details about who creates the LaunchAgent, where notifications are sent (destination/service), and what credentials or endpoints are used. The instructions are vague in ways that grant broad discretion to the agent and rely on filesystem and startup configuration changes without guidance.
Install Mechanism
There is no install spec and no code files — lowest-risk form in principle. That said, the SKILL.md implies installation of a LaunchAgent (persistent startup hook) but provides no plist contents or installation steps. The absence of any install artifact for the startup hook is an incoherence (it claims automatic startup behavior but gives no mechanism).
Credentials
The skill requests no environment variables or credentials, which is proportionate to a simple flag-checking notifier. However it hard-codes an absolute user path (/Users/kazuni/...), which suggests the author used a specific account and the instructions were not generalized. The skill would require write/read access to the user's home to create the flag and potentially to create a LaunchAgent, but that level of access is expected for the stated purpose.
!
Persistence & Privilege
The instructions explicitly reference persistent startup integration via a LaunchAgent plist, which implies the skill expects to establish a persistent hook on user login. The skill metadata provides no install steps and does not request explicit permission or show the LaunchAgent content. Persistence through user LaunchAgents increases the attack surface and should be reviewed before allowing.
What to consider before installing
This skill claims to auto-notify on gateway recovery but omits critical details. Before installing or trusting it: (1) ask the author to provide the LaunchAgent plist contents and exact installation steps so you can review what will be written to your system; (2) confirm where notifications are sent (what service or endpoint) and what credentials, if any, will be used; (3) correct the hard-coded path (/Users/kazuni) to use a generic user-relative path, or explain why a fixed username is present; (4) if a LaunchAgent will be added, inspect it manually and consider testing in an isolated account or VM; (5) prefer a version that includes an explicit, reviewable install script or package instead of only prose. Because of missing install artifacts and unclear notification destination, treat this skill as suspicious until those questions are answered.

Like a lobster shell, security has layers — review code before you run it.

latestvk9718jymwpcntrkx7rc5r9ga8183s0w6
94downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@kazuninishiki
latest
Download

Gateway Recovery Notification Skill

Purpose

Automatically sends a notification message when the gateway restarts and recovers.

How It Works

  1. Startup Hook: Detects gateway restart and creates ~/.openclaw/recovery_flag
  2. Heartbeat Check: During heartbeat poll, secretary checks for recovery flag
  3. Send Notification: If flag exists, sends "I'm back!" message and clears flag

Configuration

  • Flag file: ~/.openclaw/recovery_flag
  • LaunchAgent: ai.openclaw.gateway-startup-hook.plist
  • Log file: /Users/kazuni/.openclaw/workspace/memory/startup.log

Usage

The skill runs automatically during heartbeat checks. No manual intervention needed!

Testing

To test manually:

  1. Create flag: touch ~/.openclaw/recovery_flag
  2. Secretary will detect it on next heartbeat
  3. Send notification message
  4. Clear flag automatically

Created by Albedo - Mar 28, 2026 💕🌙

Comments

Loading comments...