Low Risk — Risk Score 12/100
Last scan: 1 day ago
gateway-monitor-macos
Install and operate a local OpenClaw Gateway Monitor stack on macOS with LaunchAgent + watchdog
This is a legitimate local macOS monitoring dashboard for OpenClaw Gateway with no malicious behavior. All network requests are outbound HTTPS to known APIs, credential access is limited to the local OpenClaw auth store for usage monitoring, and shell execution is documented and relevant to the monitoring functionality.
Skill Name: gateway-monitor-macos
Duration: 72.8s
Engine: pi
Safe to install
This skill is safe to use. The main concern is the local HTTP server on port 18990 being accessible to other local processes - ensure the machine is not shared or exposed.

Findings 2 items

Low: Local HTTP server without authentication (Sensitive Access)
Location: assets/gateway-monitor/server.js:1
server.js creates an unauthenticated HTTP server on port 18990. Any local process or user on the macOS machine can query /api/* endpoints including session data, gateway status, and MiniMax API responses.
const PORT = Number(process.env.PORT || 18990);
const server = http.createServer(...)
→ Consider adding localhost authentication or binding to a socket with restricted permissions if the machine is multi-user.

Low: SKILL.md does not mention network:READ capability (Doc Mismatch)
Location: SKILL.md:1
SKILL.md only describes install/status/uninstall scripts but does not declare that the monitor runs a web server making external API calls to MiniMax and GitHub.
Run this skill when you need a reproducible install of gateway monitor + watchdog on macOS.
→ Add a 'Capabilities' or 'Network' section to SKILL.md describing the external API calls (MiniMax coding plan check, GitHub releases check).

Resource | Declared | Inferred | Status | Evidence
Filesystem | WRITE | WRITE | ✓ Aligned | install.sh:45-89 writes plists, rsync copies files to ~/.openclaw/
Shell | WRITE | WRITE | ✓ Aligned | install.sh runs launchctl, rsync, chmod; server.js:297 execSync for gateway stat…
Network | READ | READ | ✓ Aligned | server.js:29-32 makes outbound HTTPS calls to minimaxi.com and GitHub API
Environment | NONE | READ | ✓ Aligned | server.js:318 reads MINIMAX_CP_KEY from env - documented purpose for API auth
Skill Invoke | NONE | INVOKE | ✓ Aligned | This is the skill itself

4 findings
Medium External URL
https://www.minimaxi.com/v1/api/openplatform/coding_plan/remains
assets/gateway-monitor/server.js:29

Medium External URL
http://127.0.0.1:9981/v1/models
assets/gateway-monitor/server.js:32

Medium External URL
http://127.0.0.1:9981
assets/gateway-monitor/server.js:154

Medium External URL
http://www.apple.com/DTDs/PropertyList-1.0.dtd
scripts/install.sh:44

File Tree

8 files · 127.9 KB · 3870 lines
JavaScript 1f · 1974L HTML 1f · 1642L Shell 4f · 186L Markdown 2f · 68L
├─ 📁 assets
│  └─ 📁 gateway-monitor
│     ├─ 📁 public
│     │  └─ 📄 index.html HTML 1642L · 62.8 KB
│     ├─ 🔧 gateway-watchdog.sh Shell 33L · 1.5 KB
│     └─ 📜 server.js JavaScript 1974L · 57.9 KB
├─ 📁 scripts
│  ├─ 🔧 install.sh Shell 120L · 3.3 KB
│  ├─ 🔧 status.sh Shell 17L · 417 B
│  └─ 🔧 uninstall.sh Shell 16L · 452 B
├─ 📝 README.md Markdown 22L · 464 B
└─ 📝 SKILL.md Markdown 46L · 1.0 KB

Security Positives

✓ No base64-encoded payloads or obfuscated code found
✓ No reverse shell, C2, or data exfiltration to external IPs
✓ MiniMax API key is read from local OpenClaw auth store and only used to query usage - not exfiltrated
✓ All external network calls are outbound HTTPS to legitimate APIs (MiniMax, GitHub, local OMLX)
✓ File operations are scoped to ~/.openclaw/ directory only
✓ No access to sensitive paths like ~/.ssh, ~/.aws, or system credentials
✓ LaunchAgent persistence is explicitly declared and relevant to the skill's purpose
✓ execSync usage is limited to reading gateway status via CLI tools - documented and necessary
✓ No curl|bash or wget|sh remote script execution patterns
✓ No prompt injection, supply chain risks, or credential harvesting for external theft