Gateway Watchdog Security Report — Trusted | ClawSafe

10 /100

Gateway Watchdog

Gateway monitoring tool with auto-restart and DingTalk notifications

A legitimate Gateway monitoring tool with clear documentation, proper capability declarations, and no malicious behavior observed.

Skill NameGateway Watchdog

Duration36.2s

Enginepi

✓

Safe to install

This skill can be approved for use. All operations align with stated functionality (monitoring, auto-restart, DingTalk notifications).

Findings 1 items

Severity	Finding	Location
Low	Shell execution not explicitly declared Doc Mismatch SKILL.md describes 'auto-restart' and 'auto-start' but doesn't explicitly mention subprocess/shell:WRITE usage. The install.py script uses subprocess to run schtasks, systemctl, and launchctl commands. `subprocess.run(["schtasks", "/query", "/tn", task_name], capture_output=True, text=True)` → Add explicit declaration of shell:WRITE capability in SKILL.md to document subprocess usage for scheduled tasks	`install.py:25`

Resource	Declared	Inferred	Status	Evidence
Filesystem	`WRITE`	`WRITE`	✓ Aligned	Writes logs to ~/.openclaw/gateway-watchdog.log - declared in docs
Network	`READ/WRITE`	`READ/WRITE`	✓ Aligned	Checks localhost:18789, sends DingTalk webhook - declared
Shell	`NONE`	`WRITE`	✓ Aligned	Uses subprocess for process management and scheduled tasks
Environment	`NONE`	`READ`	✓ Aligned	Reads USER env var for systemd service creation
Skill Invoke	`NONE`	`NONE`	—	No skill invocation observed

10 findings

🔗

Medium External URL 外部 URL

https://keepachangelog.com/en/1.0.0/

CHANGELOG.md:5

🔗

Medium External URL 外部 URL

https://semver.org/spec/v2.0.0.html

CHANGELOG.md:6

🔗

Medium External URL 外部 URL

https://img.shields.io/github/stars/adminlove520/gateway-watchdog

README.md:5

🔗

Medium External URL 外部 URL

https://img.shields.io/badge/python-3.7%2B-blue

README.md:6

🔗

Medium External URL 外部 URL

https://www.python.org/

README.md:6

🔗

Medium External URL 外部 URL

https://img.shields.io/badge/platform-Windows%20%7C%20Linux%20%7C%20macOS-orange

README.md:7

🔗

Medium External URL 外部 URL

https://oapi.dingtalk.com/robot/send?access_token=xxx

README.md:88

🔗

Medium External URL 外部 URL

http://www.apple.com/DTDs/PropertyList-1.0.dtd

README.md:169

🔗

Medium External URL 外部 URL

https://oapi.dingtalk.com/robot/send?access_token=YOUR_ACCESS_TOKEN

config.example.py:9

🔗

Medium External URL 外部 URL

http://127.0.0.1:

config.example.py:23

File Tree

7 files · 44.7 KB · 1247 lines

Markdown 4f · 692L Python 3f · 555L

├─ 📝 ARCHITECTURE.md Markdown 275L · 16.7 KB

├─ 📝 CHANGELOG.md Markdown 55L · 1.1 KB

├─ 🐍 config.example.py Python 49L · 1.5 KB

├─ 🐍 gateway_monitor.py Python 277L · 8.9 KB

├─ 🐍 install.py Python 229L · 6.2 KB

├─ 📝 README.md Markdown 278L · 8.7 KB

└─ 📝 SKILL.md Markdown 84L · 1.5 KB

Dependencies 1 items

Package	Version	Source	Known Vulns	Notes
`Python standard library`	`3.7+`	builtin	No	Uses only stdlib (os, sys, subprocess, urllib, json, hmac, base64)

Security Positives

✓ No credential harvesting - DingTalk webhook URL and SECRET are user-configured, not harvested

✓ No data exfiltration - only sends status notifications to user-controlled DingTalk webhook

✓ No obfuscation - all code is readable plaintext Python

✓ No sensitive path access - only accesses ~/.openclaw for logs and config

✓ No external IP communication except to user-configured DingTalk webhook

✓ Open source project with clear GitHub reference (adminlove520/gateway-watchdog)

✓ Proper error handling throughout the codebase

✓ All file operations are local and documented

Scan Report

Findings 1 items

File Tree

Dependencies 1 items

Security Positives