Openclaw Health Guardian

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed OpenClaw health monitor, but it installs and activates a recurring macOS background service that can automatically repair or restart the gateway without a separate consent step.

Install only if you want a macOS LaunchAgent that runs every five minutes and can automatically run OpenClaw repair/start/restart commands. Review the launchctl and doctor --fix paths first, and back up logs or state before using the uninstall/reset commands because they delete operational history.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Rogue Agent: Self-Modification, Session Persistence
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (17)

Missing User Warnings

Medium
Confidence
79% confidence
Finding
The uninstall section contains destructive removal commands for LaunchAgent files, scripts, state, and logs without an explicit warning that local configuration and operational history will be deleted. This raises the risk of accidental data loss or service disruption, especially if copied blindly by users or agents.

Missing User Warnings

Medium
Confidence
81% confidence
Finding
The documentation describes an automated flow that performs repair and restart actions, including `doctor --fix`, gateway restart, and force-start fallback, but does not clearly warn users that running the skill will modify local service state. Even without privilege escalation, undisclosed automated state-changing behavior can surprise users, disrupt active workflows, and mask repeated failures through self-healing loops.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The guide documents multiple destructive deletion commands such as removing state, logs, scripts, and LaunchAgent files, but it does not prominently warn users that these actions can permanently delete operational data and local configuration. In a troubleshooting document, users may copy-paste commands quickly, so the lack of explicit cautions increases the risk of accidental data loss or incomplete recovery.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The installer creates files under the user's home directory and registers a persistent LaunchAgent that runs automatically, but it does so without any explicit user consent, preview, or confirmation before making those changes. While this appears to support the product's intended health-check functionality rather than malicious persistence, silent installation of autorun behavior is security-relevant because it reduces user awareness and can normalize covert persistence patterns.

Session Persistence

Medium
Category
Rogue Agent
Content
mkdir -p "$LAUNCH_AGENT_DIR"

# Inject variables directly to avoid hard-coding
cat > "$LAUNCH_AGENT_DIR/com.openclaw.healthcheck.plist" << EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
Confidence
98% confidence
Finding
plist

Session Persistence

Medium
Category
Rogue Agent
Content
# Inject variables directly to avoid hard-coding
cat > "$LAUNCH_AGENT_DIR/com.openclaw.healthcheck.plist" << EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
Confidence
97% confidence
Finding
plist

Session Persistence

Medium
Category
Rogue Agent
Content
# Inject variables directly to avoid hard-coding
cat > "$LAUNCH_AGENT_DIR/com.openclaw.healthcheck.plist" << EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
Confidence
97% confidence
Finding
PLIST

Session Persistence

Medium
Category
Rogue Agent
Content
cat > "$LAUNCH_AGENT_DIR/com.openclaw.healthcheck.plist" << EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.openclaw.healthcheck</string>
Confidence
97% confidence
Finding
plist

Session Persistence

Medium
Category
Rogue Agent
Content
<key>ThrottleInterval</key>
    <integer>60</integer>
</dict>
</plist>
EOF

# 4. Load and start the service
Confidence
95% confidence
Finding
plist

Session Persistence

Medium
Category
Rogue Agent
Content
# 4. Load and start the service
log_info "加载健康检查服务..."
launchctl unload "$LAUNCH_AGENT_DIR/com.openclaw.healthcheck.plist" 2>/dev/null || true
sleep 1
launchctl load "$LAUNCH_AGENT_DIR/com.openclaw.healthcheck.plist"
Confidence
99% confidence
Finding
plist

Session Persistence

Medium
Category
Rogue Agent
Content
log_info "加载健康检查服务..."
launchctl unload "$LAUNCH_AGENT_DIR/com.openclaw.healthcheck.plist" 2>/dev/null || true
sleep 1
launchctl load "$LAUNCH_AGENT_DIR/com.openclaw.healthcheck.plist"

# 5. Verify the installation
log_info "验证安装..."
Confidence
97% confidence
Finding
launchctl load

Session Persistence

Medium
Category
Rogue Agent
Content
log_info "加载健康检查服务..."
launchctl unload "$LAUNCH_AGENT_DIR/com.openclaw.healthcheck.plist" 2>/dev/null || true
sleep 1
launchctl load "$LAUNCH_AGENT_DIR/com.openclaw.healthcheck.plist"

# 5. Verify the installation
log_info "验证安装..."
Confidence
97% confidence
Finding
plist

Tool Parameter Abuse

High
Category
Tool Misuse
Content
```bash
# Stop and remove service
launchctl unload ~/Library/LaunchAgents/com.openclaw.healthcheck.plist
rm ~/Library/LaunchAgents/com.openclaw.healthcheck.plist

# Remove scripts and logs
rm ~/.openclaw/scripts/openclaw-health-check.sh
Confidence
84% confidence
Finding
rm ~/Library/LaunchAgents/com.openclaw.healthcheck.plist # Remove scripts and logs rm ~/.openclaw/scripts/openclaw-health-check.sh rm -rf ~

Tool Parameter Abuse

High
Category
Tool Misuse
Content
```bash
# Stop and remove service
launchctl unload ~/Library/LaunchAgents/com.openclaw.healthcheck.plist
rm ~/Library/LaunchAgents/com.openclaw.healthcheck.plist

# Remove scripts and logs
rm ~/.openclaw/scripts/openclaw-health-check.sh
Confidence
84% confidence
Finding
rm ~/Library/LaunchAgents/

Tool Parameter Abuse

High
Category
Tool Misuse
Content
rm ~/Library/LaunchAgents/com.openclaw.healthcheck.plist

# Remove scripts and logs
rm ~/.openclaw/scripts/openclaw-health-check.sh
rm -rf ~/.openclaw/state/
rm ~/.openclaw/logs/health-check*.log
```
Confidence
83% confidence
Finding
rm ~/.openclaw/scripts/

Tool Parameter Abuse

High
Category
Tool Misuse
Content
# Remove scripts and logs
rm ~/.openclaw/scripts/openclaw-health-check.sh
rm -rf ~/.openclaw/state/
rm ~/.openclaw/logs/health-check*.log
```
Confidence
88% confidence
Finding
rm -rf ~/.openclaw/state/

Tool Parameter Abuse

High
Category
Tool Misuse
Content
# Remove scripts and logs
rm ~/.openclaw/scripts/openclaw-health-check.sh
rm -rf ~/.openclaw/state/
rm ~/.openclaw/logs/health-check*.log
```

## Requirements
Confidence
81% confidence
Finding
rm ~/.openclaw/logs/

VirusTotal

65/65 vendors flagged this skill as clean.
