Is jonathanjing/openclaw-gateway-watchdog-skill safe?

https://github.com/openclaw/skills/tree/main/skills/jonathanjing/openclaw-gateway-watchdog-skill

87
SAFE

This is a legitimate gateway monitoring skill that watches OpenClaw service health and sends Discord alerts. The skill follows good isolation practices and contains no malicious code patterns. The main risks are inherent to its functionality - executing system commands and sending data to external services.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 80/100 · 25%
Code Execution 75/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 85/100 · 5%

Findings (3)

MEDIUM Shell Script Execution Risk -25

The skill contains shell scripts that execute system commands including openclaw, curl, python3, and various system utilities. While this appears necessary for the monitoring functionality, it represents potential execution risk if the scripts are compromised.

LOW External Data Transmission -20

The skill sends gateway health status data to external Discord services via webhooks or bot API when configured by the user. This is the intended functionality but involves transmitting operational data externally.

INFO Service Restart Capability -15

The skill includes auto-restart functionality that can restart gateway services when enabled. This capability could be concerning in production environments but is opt-in and bounded by maximum attempts.