Skillv1.0.3

ClawScan security

Openclaw Health Guardian · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

ReviewMar 30, 2026, 5:07 AM

Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary: The skill appears to implement a reasonable user-level macOS health monitor for the OpenClaw Gateway, but metadata and a few instruction inconsistencies (notably an unnecessary 'node' requirement and duplicated metadata) do not match the actual bash-based implementation — review the scripts and trust the source before installing.
Guidance: This package mostly does what it says: it installs a user-level macOS LaunchAgent that checks the local OpenClaw gateway and tries to restart it with cooldown/rate-limiting. Before installing: 1) Inspect the two scripts (scripts/install.sh and scripts/openclaw-health-check.sh) yourself — they are included in the package and will be copied into ~/.openclaw. 2) Verify the source/author; if you don't trust the publisher, don't run the install. 3) Note the odd metadata: the skill claims a 'node' dependency but the scripts are bash-only — this is likely a packaging error but worth asking the author. 4) Confirm you want a persistent LaunchAgent that can load/unload user LaunchAgents (it operates at gui/$(id -u) scope). 5) Run the install in a controlled environment (or inspect & run the scripts manually line-by-line), back up any existing ~/Library/LaunchAgents/ai.openclaw.gateway.plist and ~/.openclaw/state before installing, and check logs after first runs. If anything looks unexpected (external network calls, unfamiliar plist manipulations, or attempts to access non-user config), abort and remove the files.

Review Dimensions

Purpose & Capability: concernThe described purpose (monitor and auto-restart OpenClaw Gateway on macOS) matches the included bash scripts and LaunchAgent usage. However the SKILL metadata repeatedly declares a dependency on the 'node' binary even though the install.sh and openclaw-health-check.sh are pure bash and do not require node; that's inconsistent and unnecessary for the stated purpose. There are also duplicated metadata blocks in SKILL.md which looks sloppy.
Instruction Scope: okRuntime instructions and scripts operate only on user-owned locations (~/.openclaw, ~/Library/LaunchAgents) and localhost:18789, and they use launchctl, curl and osascript in ways consistent with a health monitor. The scripts create state files, log files, and may open a Terminal window for user interaction. They don't contact external network endpoints other than localhost.
Install Mechanism: okThere is no remote download/install spec; the repository bundles an install.sh which copies local files into the user's home. No external archives or obscure download URLs are used. This is lower-risk than an arbitrary network installer, but you still execute a bundled install script on your machine.
Credentials: concernThe skill declares a 'node' binary requirement (bins: ["node"]) in metadata though the code is bash-centric and does not meaningfully use node. No environment variables or credentials are requested, which is appropriate. The unnecessary node requirement is disproportionate and may be an artifact or misconfiguration.
Persistence & Privilege: noteThe skill installs a per-user LaunchAgent (~/Library/LaunchAgents/com.openclaw.healthcheck.plist) — persistent but user-level (no sudo required). It also attempts to load or bootstrap the OpenClaw gateway launch agent (ai.openclaw.gateway), which is within the scope of managing the gateway but means the script can manipulate other user LaunchAgents. always:false (not force-included).