by 安全扫描
OpenClaw
可疑
medium confidenceNULL
评估建议
This skill will automatically perform gateway restarts and then try to proactively notify the originating session and external channels. Before installing or enabling it:
- Be aware it is designed to auto-run on simple natural-language triggers (e.g. "restart now") and may restart a gateway without extra confirmation. Consider requiring explicit human confirmation in your deployment if you don't want one-shot voice/text triggers to restart production.
- Review and limit the GATEWAY_AUTH_TOKEN ...详细分析 ▾
ℹ 用途与能力
Name/description (deterministic gateway restart + notifications) aligns with the included scripts and config. Required binaries (python3, curl) and GATEWAY_AUTH_TOKEN are consistent with the HTTP/CLI notification paths and restart operations. The skill also includes multi-channel notification support (telegram/discord/slack/webhook/openclaw passthrough), which is expected for its stated delivery guarantees.
⚠ 指令范围
SKILL.md and the implementation explicitly require the agent to auto-run the full restart flow on simple natural-language triggers (e.g. "restart now") and to infer the origin session automatically. That gives the agent discretion to perform a destructive, high-impact operation without additional interactive confirmation. The code reads local files (openclaw.json, ~/.openclaw/.env) and writes local diagnostics/context files; while these are relevant to restart/notification, automatic inference and the directive "do not expose internal scripts/steps unless user explicitly asks" reduce transparency and increase risk of unintended restarts or hidden actions.
✓ 安装机制
This is an instruction-only skill with bundled Python scripts (no external install/download step). There is no remote URL or archive extract in the install spec — code is present in the skill bundle and runs locally. No high-risk install mechanism detected.
⚠ 凭证需求
The skill declares a single required env var (GATEWAY_AUTH_TOKEN) which is reasonable for using the gateway HTTP tool. However, notify logic will read other notification secrets (TELEGRAM_BOT_TOKEN, DISCORD_WEBHOOK_URL, SLACK_WEBHOOK_URL, RESTART_GUARD_WEBHOOK_URL, etc.) from environment or from a user dotfile (~/.openclaw/.env). The code will open and parse that dotfile to resolve keys, which can expose unrelated secrets stored there. The number/variety of optional env keys is proportional to multi-channel notifications but the implicit dotenv access and passthrough to external webhooks warrant caution.
ℹ 持久化与权限
always is false and the skill does not request permanent platform-wide inclusion. It spawns a detached guardian process to persist across a gateway restart (intended behavior) and the guardian exits after completion. Autonomous invocation is enabled (platform default); combined with the explicit 'must auto-run' trigger policy in SKILL.md this increases the operational blast radius, but the skill itself does not set always:true or modify other skills' configs.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv2.2.02026/2/7
NULL
● 可疑
安装命令
点击复制官方npx clawhub@latest install restart-guard
镜像加速npx clawhub@latest install restart-guard --registry https://cn.longxiaskill.com