
Gateway Monitor Installer

Author: yes999zc · GitHub · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 265 · Favorites: 0 · Current installs: 0 · Versions: 1
Install in OpenClaw
/install gateway-monitor-installer
Description
Install, update, run, and remove OpenClaw Gateway Monitor + Gateway Watchdog on macOS via LaunchAgent. Use when user asks to deploy one-click monitoring, rec...
Usage instructions (SKILL.md)

Gateway Monitor Installer

Use bundled scripts for deterministic operations.

Runbook

  1. Install or update:
     bash scripts/install.sh
  2. Verify status:
     bash scripts/status.sh
  3. Uninstall cleanly:
     bash scripts/uninstall.sh

What install.sh does

  • Copy monitor and watchdog binaries to ~/.openclaw/tools/gateway-monitor/bin/
  • Render LaunchAgent templates into ~/Library/LaunchAgents/
  • Backup existing plist files to ~/.openclaw/config-backups/
  • Bootstrap + enable + kickstart both agents
  • Run post-install status check

Services

  • ai.openclaw.gateway-monitor → monitor UI server (http://127.0.0.1:18990)
  • ai.openclaw.gateway-watchdog → periodic gateway self-healing check

Notes

  • Re-running install.sh is safe (idempotent)
  • watchdog script expects OpenClaw CLI at /opt/homebrew/bin/openclaw
  • If node path differs, edit assets/bin/gateway-watchdog.sh before install
Security usage recommendations

This package mostly does what it advertises (create user LaunchAgents and run a local monitor), but there are several red flags you should consider before installing:

  • The monitor binary reads local files that may contain credentials (~/.openclaw/agents/main/agent/auth-profiles.json) and also accepts an env var MINIMAX_CP_KEY; those secrets could be used in outbound requests. The SKILL metadata does not disclose needing or using credentials.
  • The server code performs outbound HTTPS requests to an external domain (MINIMAX_REMAINS_URL). If a local API key is included, it could be sent externally. If you do not trust the skill source, do not run it on a machine holding sensitive credentials.
  • install.sh references launchagent template files that are not present in the provided manifest; the installer may fail or behave unpredictably. Inspect the templates (assets/launchagents/*.plist.tpl) before running — they determine what gets launched and with what environment.
  • The monitor opens a local HTTP UI on 127.0.0.1:18990. Although localhost-only, any local user/process could query it; review what endpoints expose logs or status before trusting it with sensitive systems.

Recommended actions:

  • Inspect the full gateway-monitor-server.js (and any truncated parts) to confirm exactly what data is collected and what outbound requests are made.
  • Verify or obtain the missing LaunchAgent templates and review them to ensure no unexpected environment or network configuration is injected.
  • Run the installer in an isolated account or VM first, or at minimum set firewall rules to block outbound connections and unset MINIMAX_CP_KEY to avoid leaking local keys.
  • If you need only a watchdog, consider extracting/rewriting a minimal watchdog script that does not read auth profiles or perform external network calls.

Given the secrets-access pattern and the mismatch between declared requirements and actual file/env access, proceed only if you trust the source and have audited the code and templates; otherwise treat this skill as untrusted.
Functional analysis

Type: OpenClaw Skill
Name: gateway-monitor-installer
Version: 1.0.0

The bundle installs persistent macOS LaunchAgents and a Node.js monitoring server that reads sensitive credentials from 'auth-profiles.json' to query the MiniMax API (minimaxi.com). A significant security vulnerability exists in 'gateway-monitor-server.js' where the '/api/restore-config' endpoint performs a state-changing filesystem operation (overwriting the main configuration with a backup) via a simple GET request. While these capabilities are aligned with the stated purpose of gateway monitoring and self-healing, the combination of persistence, credential access, and insecure API design warrants a suspicious classification.

Capability assessment
Purpose & Capability
The scripts do implement installation/uninstall of a local monitor and watchdog via LaunchAgents (coherent with the name). However the monitor server code reads files like ~/.openclaw/agents/main/agent/auth-profiles.json and looks for an API key and also references an external MINIMAX_REMAINS_URL — access to local auth profiles and an external service are not explained in the SKILL metadata or description and are not obviously required just to 'install/run/uninstall a monitor'.
Instruction Scope
SKILL.md instructs only to run the bundled install/status/uninstall scripts, but the server binary reads local log files (~/.openclaw/logs, /tmp/openclaw/*.log), reads an auth-profiles.json for a possible API key, uses execSync to run system commands (openclaw CLI/status), and makes outbound HTTPS requests. Those behaviors extend beyond simple install/status operations and are not documented in the runbook.
Install Mechanism
There are no external downloads (good), and files are installed under the user's home directory and LaunchAgents (expected). However install.sh references launchagent template files under assets/launchagents/${LABEL}.plist.tpl which are not present in the provided file manifest — that likely makes the installer fail or behave unexpectedly. No remote code fetches were observed, but the missing templates are an inconsistency.
Credentials
The registry metadata declares no required env vars or credentials, but the code reads several env vars at runtime (e.g., MINIMAX_CP_KEY, OPENCLAW_STATUS_CMD, OPENCLAW_FULL_STATUS_CMD, PORT) and will try to read ~/.openclaw/agents/.../auth-profiles.json to extract an API key. Asking for or using sensitive local credentials is not declared or justified in the skill metadata.
Persistence & Privilege
The skill installs per-user LaunchAgents in ~/Library/LaunchAgents and copies binaries to ~/.openclaw/tools — this is normal for a user-level persistent monitor. It does not request system-wide (root) changes in the provided scripts. The service will persist and run as the user, which gives it ongoing local access to logs and local files.
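How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install gateway-monitor-installer
  3. Once installation completes, invoke the Skill by name or trigger it with /gateway-monitor-installer
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history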
v1.0.0
Initial release
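Metadata
Slug: gateway-monitor-installer
Version: 1.0.0
License: MIT-0
Total installs: 0
Current installs: 0
Historical versions: 1
FAQ

What is Gateway Monitor Installer?

Install, update, run, and remove OpenClaw Gateway Monitor + Gateway Watchdog on macOS via LaunchAgent. Use when user asks to deploy one-click monitoring, rec... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 265 total downloads to date.

How do I install Gateway Monitor Installer?

Run the command "/install gateway-monitor-installer" in the OpenClaw or Claude Code chat box for a one-click install; no additional configuration is required.

Is Gateway Monitor Installer free?

Yes, Gateway Monitor Installer is completely free. It is released under the MIT-0 license and can be freely downloaded, installed, and used.

Which platforms does Gateway Monitor Installer support?

Gateway Monitor Installer runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Gateway Monitor Installer?

It is developed and maintained by yes999zc (@yes999zc); the current version is v1.0.0.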
