gateway
Manages the joelclaw gateway daemon for event handling and notifications, ensuring seamless communication and system health monitoring.
Install this skill
or
60/100
Security score
The gateway skill was audited on May 12, 2026 and we found 8 security issues across 2 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
medium line 12
Webhook reference - potential data exfiltration
SourceSKILL.md
| 12 | The gateway daemon is the always-on pi session that receives events from Inngest functions, Telegram, and webhooks. It's the system's notification and communication layer. |
medium line 231
Webhook reference - potential data exfiltration
SourceSKILL.md
| 231 | | `gateway.notify(type, payload?)` | Notifications (task done, webhook) | Origin session + central gateway | |
medium line 321
Webhook reference - potential data exfiltration
SourceSKILL.md
| 321 | - Skill: [webhooks](../webhooks/SKILL.md) — inbound webhook providers |
medium line 263
Access to hidden dotfiles in home directory
SourceSKILL.md
| 263 | | Important Slack channels are not being collected | `SLACK_IMPORTANT_CHANNEL_IDS`/`SLACK_IMPORTANT_CHANNEL_NAMES` missing or channel IDs drifted | Check private `~/.joelclaw/scripts/gateway-start.sh` |
medium line 286
Access to hidden dotfiles in home directory
SourceSKILL.md
| 286 | The gateway reads `~/.pi/agent/` at boot for identity/prompt context (SOUL.md, AGENTS.md, MEMORY.md, daily log), but the **gateway extension itself is context-local**: |
medium line 289
Access to hidden dotfiles in home directory
SourceSKILL.md
| 289 | - Active path: `~/.joelclaw/gateway/.pi/extensions/gateway` (symlink) |
medium line 290
Access to hidden dotfiles in home directory
SourceSKILL.md
| 290 | - Do **not** install/restore `~/.pi/agent/extensions/gateway` globally |
medium line 307
Access to hidden dotfiles in home directory
SourceSKILL.md
| 307 | | `~/.joelclaw/scripts/gateway-start.sh` | launchd start script | |
Scanned on May 12, 2026
View Security Dashboard