Skillv0.1.0

ClawScan security

Gateway Service · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignMar 3, 2026, 9:24 PM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill's instructions match its stated purpose (install the OpenClaw Gateway as a Windows scheduled task), but it comes from an unknown source and will require administrative privileges and persistent autorun on the system — review and verify the OpenClaw binary before running.
Guidance: This skill is coherent with its stated goal, but exercise caution before running it: 1) Verify the openclaw CLI binary you will run (path, publisher, checksum/signature if available) — the skill has no homepage or source to validate. 2) Understand it requires Administrator rights and will create a scheduled task that runs at startup (persistent system-level change). 3) If you want to be cautious, inspect what the scheduled task will point to (use a test VM, or run the install in a controlled environment), run `openclaw gateway status` first, and after installation check the created task with Task Scheduler or schtasks to confirm the command/executable path and permissions. 4) If you do not trust the origin of the openclaw binary, do not run the install as admin on a production machine.

Purpose & Capability: okThe name/description (install Gateway as a Windows scheduled task) aligns with the SKILL.md instructions, which simply call the openclaw CLI to install/start/stop the gateway. There are no unrelated env vars or extra capabilities requested.
Instruction Scope: okInstructions are narrowly scoped: run `openclaw gateway install` (admin required), use `openclaw gateway {start|stop|status}`, and check logs under %USERPROFILE%\AppData\Local\Temp\openclaw\. They do not instruct reading unrelated files or exfiltrating data.
Install Mechanism: okThis is an instruction-only skill with no install spec or code files, so it does not install additional software itself. The actual work depends on the existing openclaw CLI being present on the system.
Credentials: noteNo environment variables or secrets are requested. However, the operation requires administrative privileges to create a Windows scheduled task — a proportionate requirement for the stated goal but one that grants elevated system rights while installing.
Persistence & Privilege: noteThe skill's purpose is to create a persistent scheduled task that autoruns the Gateway and restarts it on failure. That persistence is expected for the stated purpose, but it has system-wide impact (startup persistence) so users should verify the executable path and legitimacy of the OpenClaw binary.