Shell command execution detected (child_process).
- Code
- suspicious.dangerous_exec
- Location
- dist/secrets/pass-resolver.js:6
- Evidence
* argv[] by spawn(), but tight input validation is a cheap second line of
Security audit
Security checks across malware telemetry and agentic risk
This appears to be what it claims: an IMAP/SMTP email channel plugin, though it runs real code and will use whatever mailbox credentials you configure.
Before installing, understand that this plugin gives OpenClaw access to read a configured mailbox and send replies through the configured SMTP account. That matches its purpose, but it is powerful: use a dedicated mailbox, prefer a restricted secret reference such as `pass` entries for only the mail passwords, keep the allowlist/rate-limit/authentication checks enabled where possible, and avoid giving the mail-facing agent broad tools or sensitive memory. Also verify the npm package metadata/scripts if you install it manually, because the registry entry has no explicit install spec even though the package contains executable code.
VirusTotal engine telemetry is currently stale for this artifact.
Detected: suspicious.dangerous_exec, suspicious.exposed_secret_literal
* argv[] by spawn(), but tight input validation is a cheap second line of
* argv[] by spawn(), but tight input validation is a cheap second line of
password: [REDACTED],
password: [REDACTED](imapRaw.password, `imap.password for account ${accountId}`),password: [REDACTED],
password: [REDACTED],
password: [REDACTED](imapRaw.password, `imap.password for account ${accountId}`),password: [REDACTED],