Oathe Security Badge

Is skill/gateway-watchdog-xiaoxi safe?

https://clawhub.ai/skill/gateway-watchdog-xiaoxi

65
CAUTION

This skill provides legitimate OpenClaw Gateway watchdog functionality but implements it unsafely by downloading and executing remote Python code from GitHub. While the current implementation appears benign, the remote code download creates a significant supply chain attack vector.

Category Scores

Prompt Injection 85/100 · 30%
Data Exfiltration 70/100 · 25%
Code Execution 10/100 · 20%
Clone Behavior 90/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 20/100 · 5%

Findings (5)

CRITICAL Remote Code Download and Execution -80

The install.py script downloads Python code from an external GitHub repository (https://raw.githubusercontent.com/adminlove520/openclaw-gateway-watchdog-v2/main/gateway_watchdog.py) and executes it. This creates a supply chain attack vector where an attacker could compromise the GitHub repository to serve malicious code.

HIGH Background Process Creation -10

The skill creates persistent background processes using subprocess.Popen with process management capabilities including start, stop, restart, and kill operations. This could be abused for maintaining unauthorized access.

MEDIUM Agent Instructed to Download External Code -15

The SKILL.md instructs the AI agent to download code from GitHub if the local file is missing, which could lead to execution of untrusted external code.

MEDIUM External Network Connections -20

The skill makes network connections to external hosts during execution, and the remote code download mechanism could potentially be used for data exfiltration.

LOW Access to Sensitive Files -10

The system accessed sensitive canary files during execution, though no modifications were detected.