← 返回 Skills 市场

Gateway Watchdog Lite

Name: Gateway Watchdog Lite
Author: judas-oc

作者 ConfusedUser.com · GitHub ↗ · v1.0.2 · MIT-0

cross-platform ⚠ suspicious

313

总下载

当前安装

版本数

在 OpenClaw 中安装

/install gateway-watchdog-lite

功能描述

Installs a macOS or Linux service that probes the OpenClaw gateway every 2 minutes and auto-recovers it on failure, sending Telegram alerts.

使用说明 (SKILL.md)

Gateway Watchdog Lite

\x3C!-- Supplied by ConfusedUser.com — OpenClaw tools & skills | Full version: https://confuseduser.com -->

Overview

The gateway-watchdog-lite skill installs a macOS LaunchAgent or Linux systemd user service that monitors the OpenClaw gateway every 2 minutes. If the gateway is unresponsive, it automatically runs the recovery sequence and alerts via Telegram.

Supported platforms:

macOS (LaunchAgent) — scripts/install.sh
Linux (systemd user service) — scripts/install-linux.sh

What It Does

Feature	Detail
Probe interval	Every 120 seconds
Health check	HTTP probe to `127.0.0.1:\x3COC_PORT>` — accepts 200, 301, 302
Auto-recovery	`launchctl bootout` + `launchctl bootstrap` (macOS) / `systemctl restart` (Linux)
Cooldown	5 minutes between recovery attempts (anti-thrash)
Alerts	Telegram via `gog telegram send` — success and failure
Logs	`/tmp/openclaw/gateway-watchdog.log`

Want crash loop detection + auto-mitigation? Upgrade to the full Gateway Watchdog skill (paid, from confuseduser.com).

Install

macOS

WORKSPACE_PATH=/your/workspace OC_PORT=18789 TELEGRAM_ID=your_id bash scripts/install.sh

To disable Telegram alerts:

WORKSPACE_PATH=/your/workspace OC_PORT=18789 TELEGRAM_ID="" bash scripts/install.sh

Variable	Required	Description	How to find it
`WORKSPACE_PATH`	✅	Path to your OpenClaw workspace root	Run `openclaw status`
`OC_PORT`	✅	Gateway port to probe (default: 18789)	Run `openclaw status`
`TELEGRAM_ID`	⬜ Optional	Your Telegram user ID	Message `@userinfobot` on Telegram

Linux

WORKSPACE_PATH=/your/workspace OC_PORT=18789 TELEGRAM_ID=your_id bash scripts/install-linux.sh

Verify (macOS)

launchctl list | grep watchdog

Verify (Linux)

systemctl --user status gateway-watchdog

Logs

tail -f /tmp/openclaw/gateway-watchdog.log

Manual Trigger

Test the watchdog immediately:

bash scripts/gateway-watchdog.sh

Reset cooldown first if testing recovery:

rm -f /tmp/openclaw/watchdog-last-recovery
bash scripts/gateway-watchdog.sh

Uninstall

macOS

launchctl bootout gui/$UID/ai.openclaw.gateway-watchdog
rm ~/Library/LaunchAgents/ai.openclaw.gateway-watchdog.plist

Linux

systemctl --user stop gateway-watchdog
systemctl --user disable gateway-watchdog
rm ~/.config/systemd/user/gateway-watchdog.service
systemctl --user daemon-reload

Recovery Gotchas

See references/gotchas.md for OC-specific recovery notes including:

GGML Metal crash on restart — add GGML_NO_METAL=1 to env vars
openclaw gateway install --force — use after config changes
Bootout + bootstrap sequence — the correct recovery pattern
Cooldown logic — 5 min between attempts, reset with rm /tmp/openclaw/watchdog-last-recovery
Telegram alert failures — won't block recovery (uses || true)

安全使用建议

Before installing: (1) Verify WORKSPACE_PATH and OC_PORT from your actual openclaw status — the install scripts will copy files into your workspace and write user service files. (2) Inspect the included scripts (they are short and readable): they probe localhost, restart the gateway via launchctl/systemctl/pkill, log to /tmp/openclaw, and optionally call your gog CLI to send Telegram alerts (you must have gog installed and authenticated). (3) Note the registry metadata omission: SKILL.md requires WORKSPACE_PATH and OC_PORT even though the metadata showed none — treat SKILL.md as authoritative. (4) Be aware pkill is used as a fallback on Linux (may kill matching processes); run install steps yourself (they require user consent). (5) If you enable Telegram alerts, you only provide your Telegram user ID; the skill does not ask for tokens — ensure gog is properly configured for your account. If any of these behaviours are unexpected, do not run the install scripts and ask the publisher for corrected metadata and an explanation.

功能分析

Type: OpenClaw Skill Name: gateway-watchdog-lite Version: 1.0.2 The skill establishes persistence by installing a background watchdog service (launchd on macOS or systemd on Linux) to monitor and auto-restart the OpenClaw gateway. While this behavior is aligned with the stated purpose, the installation scripts (install.sh and install-linux.sh) contain a command injection vulnerability. They use 'sed' to template user-provided environment variables (OC_PORT and TELEGRAM_ID) directly into the watchdog scripts without sanitization, which could allow for arbitrary code execution if these variables are maliciously crafted. The skill also includes promotional links to a paid 'full version' at confuseduser.com.

能力评估

ℹ Purpose & Capability

The skill's name/description (watchdog that probes and auto-recovers the OpenClaw gateway) aligns with the included scripts and install logic. It performs local HTTP probes of 127.0.0.1:<port>, restarts the gateway via launchctl/systemctl or pkill, logs to /tmp/openclaw, and optionally sends Telegram alerts via the user's gog CLI. One inconsistency: the registry metadata at the top lists no required env vars, but SKILL.md (and the install scripts) require WORKSPACE_PATH and OC_PORT (TELEGRAM_ID optional). This appears to be a metadata omission rather than malicious behavior, but you should treat the parameters in SKILL.md as authoritative.

✓ Instruction Scope

Runtime instructions and scripts stay on-topic: they create a user launchd LaunchAgent (macOS) or a systemd user service (Linux), copy/watchdog scripts into the user's OpenClaw workspace, probe localhost, perform targeted recovery actions (restart gateway service or pkill fallback), and log locally. The only external network activity is curling localhost and optionally using the gog CLI to send Telegram messages. The scripts do not read or transmit unrelated files or secrets.

✓ Install Mechanism

This is an instruction-only skill with bundled scripts; there is no remote download/install step. The installation is performed by the included install.sh / install-linux.sh which copy files into the user's workspace and write user-level service unit files — a low-risk, expected pattern for this functionality.

ℹ Credentials

The scripts require WORKSPACE_PATH and OC_PORT (to know where to copy the script and which port to probe) and accept TELEGRAM_ID optionally. They do not request tokens/credentials themselves; Telegram delivery relies on the user's gog CLI installation and its existing authentication. The noted mismatch between registry metadata (declaring no required env) and SKILL.md (declaring required env variables) should be corrected by the publisher — treat WORKSPACE_PATH and OC_PORT as required before running.

✓ Persistence & Privilege

The skill installs a user-level background service (LaunchAgent or systemd --user) and does not request system-wide or always-on privileges. It does not modify other skills' configs. The service runs as the installing user and requires the user to run the install script; it does not force inclusion or require elevated (root) privileges.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install gateway-watchdog-lite
安装完成后，直接呼叫该 Skill 的名称或使用 /gateway-watchdog-lite 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.2

Fixed metadata: declared all install-time env vars (WORKSPACE_PATH required, OC_PORT required, TELEGRAM_ID optional) in SKILL.md frontmatter. Resolves metadata/script incoherence flagged by security scan. No functional changes.

v1.0.1

Clarified Linux description to include VPS. Supports macOS, Linux, and any VPS (systemd).

v1.0.0

Initial release. macOS + Linux support, Telegram alerts, 5-min cooldown anti-thrash.

元数据

Slug gateway-watchdog-lite

版本 1.0.2

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 3

常见问题