ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Restart Guard

v2.2.0

Deterministic OpenClaw gateway restart with down/up state-machine verification, origin-session proactive ACK, and backward-compatible config.

4· 2.1k·8 current·9 all-time
by@zjianru
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (deterministic gateway restart + notifications) aligns with the included scripts and config. Required binaries (python3, curl) and GATEWAY_AUTH_TOKEN are consistent with the HTTP/CLI notification paths and restart operations. The skill also includes multi-channel notification support (telegram/discord/slack/webhook/openclaw passthrough), which is expected for its stated delivery guarantees.
!
Instruction Scope
SKILL.md and the implementation explicitly require the agent to auto-run the full restart flow on simple natural-language triggers (e.g. "restart now") and to infer the origin session automatically. That gives the agent discretion to perform a destructive, high-impact operation without additional interactive confirmation. The code reads local files (openclaw.json, ~/.openclaw/.env) and writes local diagnostics/context files; while these are relevant to restart/notification, automatic inference and the directive "do not expose internal scripts/steps unless user explicitly asks" reduce transparency and increase risk of unintended restarts or hidden actions.
Install Mechanism
This is an instruction-only skill with bundled Python scripts (no external install/download step). There is no remote URL or archive extract in the install spec — code is present in the skill bundle and runs locally. No high-risk install mechanism detected.
!
Credentials
The skill declares a single required env var (GATEWAY_AUTH_TOKEN) which is reasonable for using the gateway HTTP tool. However, notify logic will read other notification secrets (TELEGRAM_BOT_TOKEN, DISCORD_WEBHOOK_URL, SLACK_WEBHOOK_URL, RESTART_GUARD_WEBHOOK_URL, etc.) from environment or from a user dotfile (~/.openclaw/.env). The code will open and parse that dotfile to resolve keys, which can expose unrelated secrets stored there. The number/variety of optional env keys is proportional to multi-channel notifications but the implicit dotenv access and passthrough to external webhooks warrant caution.
Persistence & Privilege
always is false and the skill does not request permanent platform-wide inclusion. It spawns a detached guardian process to persist across a gateway restart (intended behavior) and the guardian exits after completion. Autonomous invocation is enabled (platform default); combined with the explicit 'must auto-run' trigger policy in SKILL.md this increases the operational blast radius, but the skill itself does not set always:true or modify other skills' configs.
Scan Findings in Context
[no_pre_scan_findings] expected: Static pre-scan reported no injection signals. The code does use subprocess/curl and reads local files; these operations are expected given the skill's purpose but still require review.
What to consider before installing
This skill will automatically perform gateway restarts and then try to proactively notify the originating session and external channels. Before installing or enabling it: - Be aware it is designed to auto-run on simple natural-language triggers (e.g. "restart now") and may restart a gateway without extra confirmation. Consider requiring explicit human confirmation in your deployment if you don't want one-shot voice/text triggers to restart production. - Review and limit the GATEWAY_AUTH_TOKEN and any notification tokens (Telegram/Discord/Slack/webhook) it will use. The code will also read ~/.openclaw/.env to resolve tokens — inspect that file for other secrets before allowing the skill access. - Audit the included scripts (restart.py, guardian.py, notify.py, write_context.py) in your environment and test in a staging system first. Pay attention to the notification webhook URLs and content templates to avoid accidental secret leakage. - If you want stricter safety, modify the workflow to require an explicit confirmation step before executing the auto_restart flow, or limit agent permissions so automatic invocation cannot be triggered by casual chat.

Like a lobster shell, security has layers — review code before you run it.

latestvk9725nnrt6a7v0swzar1eajqd1824n9m

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binspython3, curl
EnvGATEWAY_AUTH_TOKEN

Comments