v1.0.0

Gateway Monitor Installer

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 7:05 AM.

Analysis

The installer mostly matches its monitoring purpose, but it deserves review because the bundled background service reads local MiniMax/OpenClaw auth credentials and defines external provider access while installing persistent LaunchAgents.

Guidance

Review the bundled server before installing. Only proceed if you are comfortable with persistent user-level LaunchAgents, local OpenClaw log/status access, and MiniMax/OpenClaw credential handling. Verify the missing LaunchAgent templates or request a complete package, and uninstall with scripts/uninstall.sh if you no longer want the monitor running.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Rogue Agents
Severity: Medium | Confidence: High | Status: Note
scripts/install.sh
launchctl bootstrap "gui/$(id -u)" "$plist"; launchctl enable "$target"; launchctl kickstart -k "$target"

The installer creates and starts user LaunchAgents so the monitor and watchdog continue running in the background. This matches the stated purpose, but it is persistent behavior.

User impact: The services will keep running after installation and may restart monitored components until the uninstall script removes them.
Recommendation: Install only if persistent monitoring is desired, and use scripts/uninstall.sh to stop and remove the LaunchAgents when no longer needed.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Note
assets/bin/gateway-monitor-server.js
const OPENCLAW_STATUS_CMD = process.env.OPENCLAW_STATUS_CMD || '/opt/homebrew/opt/node/bin/node /opt/homebrew/lib/node_modules/openclaw/dist/index.js gateway status --json'; ... return execSync(command, { encoding: 'utf8', timeout, stdio: ['ignore', 'pipe', 'ignore'] })

The monitor runs local shell commands to collect gateway status. That is purpose-aligned, but the command strings are broad and environment-overridable.

User impact: If the service environment is changed, the monitor could run a different local command than the default gateway status check.
Recommendation: Keep status commands fixed or strictly validate allowed commands, and document any supported environment overrides.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
scripts/install.sh
TPL_MONITOR="$ROOT_DIR/assets/launchagents/${MONITOR_LABEL}.plist.tpl" ... TPL_WATCHDOG="$ROOT_DIR/assets/launchagents/${WATCHDOG_LABEL}.plist.tpl"

The installer depends on LaunchAgent template files that are not present in the supplied file manifest, leaving package completeness and the exact launch configuration unclear.

User impact: Installation may fail or users may be unable to review the final LaunchAgent configuration from the provided artifact set.
Recommendation: Include the referenced plist templates in the package and manifest, and restrict registry metadata to macOS for this LaunchAgent-based skill.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High | Confidence: High | Status: Concern
assets/bin/gateway-monitor-server.js
const MINIMAX_AUTH_PROFILE_PATH = path.join(HOME, '.openclaw/agents/main/agent/auth-profiles.json'); ... const envKey = String(process.env.MINIMAX_CP_KEY || '').trim(); ... data?.profiles?.['minimax-portal:default']?.access

The background monitor can obtain a MiniMax/OpenClaw access token from an environment variable or the user's local auth profile, while the registry declares no credentials and SKILL.md does not disclose credential use.

User impact: Installing the monitor may give a persistent local service access to provider account credentials that the user may not expect from a gateway-health installer.
Recommendation: Disclose the credential source and exact purpose, require explicit user approval before reading auth-profiles.json, and prefer a narrowly scoped token or user-provided credential.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Medium | Confidence: Medium | Status: Concern
assets/bin/gateway-monitor-server.js
const MINIMAX_REMAINS_URL = process.env.MINIMAX_REMAINS_URL || 'https://www.minimaxi.com/v1/api/openplatform/coding_plan/remains'; ... https.request({ ... headers, timeout: timeoutMs })

The monitor includes an external MiniMax provider endpoint and an HTTPS helper that can send request headers, but the SKILL.md runbook does not explain this provider communication or its data boundary.

User impact: Account or usage information may be queried from an external provider by the background monitor without the user seeing that behavior in the installer instructions.
Recommendation: Document the external endpoint, what headers or account data are sent, and provide a clear opt-in or configuration switch for provider API calls.