gateway
Manages the joelclaw gateway daemon for event handling and notifications, ensuring seamless communication and system health monitoring.
Install this skill
or
65/100
Security score
The gateway skill was audited on Mar 7, 2026 and we found 7 security issues across 2 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
medium line 12
Webhook reference - potential data exfiltration
SourceSKILL.md
| 12 | The gateway daemon is the always-on pi session that receives events from Inngest functions, Telegram, and webhooks. It's the system's notification and communication layer. |
medium line 193
Webhook reference - potential data exfiltration
SourceSKILL.md
| 193 | | `gateway.notify(type, payload?)` | Notifications (task done, webhook) | Origin session + central gateway | |
medium line 277
Webhook reference - potential data exfiltration
SourceSKILL.md
| 277 | - Skill: [webhooks](../webhooks/SKILL.md) — inbound webhook providers |
medium line 242
Access to hidden dotfiles in home directory
SourceSKILL.md
| 242 | The gateway reads `~/.pi/agent/` at boot for identity/prompt context (SOUL.md, AGENTS.md, MEMORY.md, daily log), but the **gateway extension itself is context-local**: |
medium line 245
Access to hidden dotfiles in home directory
SourceSKILL.md
| 245 | - Active path: `~/.joelclaw/gateway/.pi/extensions/gateway` (symlink) |
medium line 246
Access to hidden dotfiles in home directory
SourceSKILL.md
| 246 | - Do **not** install/restore `~/.pi/agent/extensions/gateway` globally |
medium line 263
Access to hidden dotfiles in home directory
SourceSKILL.md
| 263 | | `~/.joelclaw/scripts/gateway-start.sh` | launchd start script | |
Scanned on Mar 7, 2026
View Security DashboardInstall this skill with one command
/learn @joelhooks/gateway