Trusted — Risk score 10/100
Last scanned: 20 hours ago
Gateway Watchdog
Gateway monitoring tool with auto-restart and DingTalk notifications
A legitimate Gateway monitoring tool with clear documentation, proper capability declarations, and no malicious behavior observed.
Skill name: Gateway Watchdog
Analysis time: 36.2s
Engine: pi
OK to install
This skill can be approved for use. All operations align with stated functionality (monitoring, auto-restart, DingTalk notifications).

Security findings: 1

Severity: Low
Finding: Shell execution not explicitly declared
Category: Documentation deception
Location: install.py:25
SKILL.md describes 'auto-restart' and 'auto-start' but doesn't explicitly mention subprocess/shell:WRITE usage. The install.py script uses subprocess to run schtasks, systemctl, and launchctl commands.
subprocess.run(["schtasks", "/query", "/tn", task_name], capture_output=True, text=True)
→ Add explicit declaration of shell:WRITE capability in SKILL.md to document subprocess usage for scheduled tasks
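| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| File system | WRITE | WRITE | ✓ Consistent | Writes logs to ~/.openclaw/gateway-watchdog.log - declared in docs |
| Network access | READ/WRITE | READ/WRITE | ✓ Consistent | Checks localhost:18789, sends DingTalk webhook - declared |
| Command execution | NONE | WRITE | ✓ Consistent | Uses subprocess for process management and scheduled tasks |
| Environment variables | NONE | READ | ✓ Consistent | Reads USER env var for systemd service creation |
| Skill invocation | NONE | NONE | | No skill invocation observed |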
10 findings

| Severity | Type | URL | Location |
|---|---|---|---|
| Medium | External URL | https://keepachangelog.com/en/1.0.0/ | CHANGELOG.md:5 |
| Medium | External URL | https://semver.org/spec/v2.0.0.html | CHANGELOG.md:6 |
| Medium | External URL | https://img.shields.io/github/stars/adminlove520/gateway-watchdog | README.md:5 |
| Medium | External URL | https://img.shields.io/badge/python-3.7%2B-blue | README.md:6 |
| Medium | External URL | https://www.python.org/ | README.md:6 |
| Medium | External URL | https://img.shields.io/badge/platform-Windows%20%7C%20Linux%20%7C%20macOS-orange | README.md:7 |
| Medium | External URL | https://oapi.dingtalk.com/robot/send?access_token=xxx | README.md:88 |
| Medium | External URL | http://www.apple.com/DTDs/PropertyList-1.0.dtd | README.md:169 |
| Medium | External URL | https://oapi.dingtalk.com/robot/send?access_token=YOUR_ACCESS_TOKEN | config.example.py:9 |
| Medium | External URL | http://127.0.0.1: | config.example.py:23 |

Directory structure

7 files · 44.7 KB · 1247 lines
Markdown: 4 files · 692 lines; Python: 3 files · 555 lines
├─ 📝 ARCHITECTURE.md Markdown 275L · 16.7 KB
├─ 📝 CHANGELOG.md Markdown 55L · 1.1 KB
├─ 🐍 config.example.py Python 49L · 1.5 KB
├─ 🐍 gateway_monitor.py Python 277L · 8.9 KB
├─ 🐍 install.py Python 229L · 6.2 KB
├─ 📝 README.md Markdown 278L · 8.7 KB
└─ 📝 SKILL.md Markdown 84L · 1.5 KB

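Dependency analysis: 1 item

| Package | Version | Source | Known vulnerabilities | Notes |
|---|---|---|---|---|
| Python standard library | 3.7+ | builtin | | Uses only stdlib (os, sys, subprocess, urllib, json, hmac, base64) |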

Security highlights

✓ No credential harvesting - DingTalk webhook URL and SECRET are user-configured, not harvested
✓ No data exfiltration - only sends status notifications to user-controlled DingTalk webhook
✓ No obfuscation - all code is readable plaintext Python
✓ No sensitive path access - only accesses ~/.openclaw for logs and config
✓ No external IP communication except to user-configured DingTalk webhook
✓ Open source project with clear GitHub reference (adminlove520/gateway-watchdog)
✓ Proper error handling throughout the codebase
✓ All file operations are local and documented