ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Openclaw Gateway Fd Fix

v1.0.0

Fix OpenClaw Gateway "spawn EBADF" / "RPC probe failed" / "EMFILE too many open files" errors caused by file descriptor exhaustion from too many files in wor...

0· 557·1 current·1 all-time
byJian Zhang@thomaszhang2661
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill claims to detect and repair FD exhaustion for the OpenClaw Gateway on macOS. The included fix.sh finds large dependency directories in ~/.openclaw/workspace, optionally deletes them, updates the user's LaunchAgent plist to raise NumberOfFiles, and restarts the gateway—these actions align with the stated goal.
Instruction Scope
Instructions are narrowly focused on the gateway issue and reference only workspace, the LaunchAgent plist, and gateway commands. They do perform destructive actions (rm -rf of .venv/node_modules) and modify ~/Library/LaunchAgents/ai.openclaw.gateway.plist then restart the service. The script prompts for confirmation before deletion and backs up the plist. Minor safety issues: some variables used with rm -rf are unquoted (possible word-splitting/edge-case deletion problems), and the script assumes the presence of 'openclaw' and macOS tools.
Install Mechanism
No install spec; the skill is instruction-only with an included shell script. Nothing is downloaded or installed automatically.
Credentials
The skill requests no environment variables, credentials, or unrelated config paths. It only touches user-owned files under $HOME, which are relevant to the task.
Persistence & Privilege
The script modifies the user's LaunchAgent plist and uses launchctl to unload/load the agent (user-level service changes). This is expected for changing FD limits, but it is a persistent change to user service configuration and requires user consent; there is no 'always: true' privilege escalation.
Assessment
This skill appears to do what it says, but it performs destructive and persistent actions: it may delete .venv/node_modules directories and will edit and reload your LaunchAgent plist. Before running: (1) Inspect fix.sh yourself (it's included). (2) Let the script list candidate directories and only approve deletion if you understand which items will be removed — consider moving rather than deleting. (3) Verify the plist backup ($PLIST.bak.<timestamp>) exists before any change. (4) Be aware the script is macOS-only and assumes the 'openclaw' CLI is installed. (5) Note a minor robustness issue: rm -rf uses unquoted variables which can mishandle paths with spaces/newlines — consider running the script in a safe environment or adapting it to safely handle special characters. If unsure, manually follow the SKILL.md manual steps instead of the one-click script.

Like a lobster shell, security has layers — review code before you run it.

latestvk9739vs2hsj5hcj7m1m1sp7xdd81gf75

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments