Skill Trust Decision
gateway-monitor-installer
Skill contains undeclared external network access and reads API credentials from auth profiles to transmit to minimaxi.com, with missing template files referenced in documentation.
Most direct threat evidence
Why this conclusion was reached
1/4 dimensions flagged Block
Declared vs actual capability
2 undeclared or violating capabilities were inferred.
Review
Hidden execution and egress
3 lower-risk artifacts were extracted and still need context.
Pass
Attack chain and severe findings
There is no explicit malicious chain in the report.
Review
Dependencies and supply chain hygiene
Dependency information is incomplete, so supply-chain confidence stays limited.
What drove the risk score up
Undeclared external network access +15
SKILL.md does not mention HTTPS calls to minimaxi.com for coding plan status
Undeclared credential file access +15
gateway-monitor-server.js reads ~/.openclaw/agents/main/agent/auth-profiles.json without documentation
Missing template files +10
SKILL.md references assets/launchagents/*.plist.tpl which do not exist in the package
API key transmission to external service +10
MiniMax API key is sent to minimaxi.com via Authorization header
Most important evidence
Medium Doc Mismatch
Undeclared external network access
The gateway-monitor-server.js makes HTTPS requests to https://www.minimaxi.com/v1/api/openplatform/coding_plan/remains without any mention in SKILL.md. This is a hidden network behavior.
assets/bin/gateway-monitor-server.js:28 Document all external API endpoints in SKILL.md capabilities section
Medium Sensitive Access
Undeclared credential file access
The skill reads the MiniMax API key from ~/.openclaw/agents/main/agent/auth-profiles.json, a sensitive credential storage location, without declaring this access in documentation.
assets/bin/gateway-monitor-server.js:309 Declare access to credential files in SKILL.md or use only environment variables
Medium Doc Mismatch
Missing launchagent template files
SKILL.md and install.sh reference template files at assets/launchagents/*.plist.tpl that do not exist in the package. These files are needed for the installation to succeed.
SKILL.md:24 Include the missing launchagent plist template files in the package
Low Data Exfil
API key transmitted to external service
The MiniMax API key is sent in the Authorization header to an external service (minimaxi.com). While the service appears legitimate, the transmission of credentials to external endpoints is a sensitive behavior.
assets/bin/gateway-monitor-server.js:344 Document this behavior explicitly and consider if the API call is necessary for the core functionality
Declared capability vs actual capability
Filesystem Pass
Declared WRITE
→ Inferred READ
SKILL.md declares file write to ~/.openclaw/tools/ Network Block
Declared NONE
→ Inferred READ
gateway-monitor-server.js:28 - external HTTPS call to minimaxi.com not declared Shell Pass
Declared WRITE
→ Inferred WRITE
launchctl commands in install.sh/status.sh are documented Environment Block
Declared NONE
→ Inferred READ
gateway-monitor-server.js:309 - reads MINIMAX_CP_KEY from environment Suspicious artifacts and egress
Medium External URL
http://127.0.0.1:18990 SKILL.md:40
Medium External URL
https://www.minimaxi.com/v1/api/openplatform/coding_plan/remains assets/bin/gateway-monitor-server.js:28
Medium External URL
http://127.0.0.1:18990/api/summary scripts/status.sh:25
Dependencies and supply chain
There are no structured dependency warnings.
File composition
6 files · 1527 lines
JavaScript 1 files · 1321 linesShell 4 files · 159 linesMarkdown 1 files · 47 lines
Files of concern · 3
assets/bin/gateway-monitor-server.js Undeclared external network access · Undeclared credential file access · API key transmitted to external service · https://www.minimaxi.com/v1/api/openplatform/coding_plan/remains
SKILL.md Missing launchagent template files · http://127.0.0.1:18990
scripts/status.sh http://127.0.0.1:18990/api/summary
Other files · install.sh · gateway-watchdog.sh · uninstall.sh
Security positives
No reverse shell or C2 infrastructure detected
No base64-encoded or obfuscated payloads found
Uses standard macOS LaunchAgent for service management (legitimate)
HTTPS used for external communication (not plaintext)
No credential exfiltration to attacker-controlled infrastructure
Configuration backup mechanism is sensible
Error handling appears robust