OpenClaw Skill Plaud Note Taking

Advisory

Audited by static analysis on May 13, 2026.

Overview

Detected: suspicious.dangerous_exec

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent can run the Plaud CLI for exports and create transcript/summary files on the local machine.

Why it was flagged

The helper executes the local Plaud CLI to fetch metadata, summaries, and transcripts. This is central to the export purpose and does not use a shell string, but it is still local command execution.

Skill content

const result = spawnSync('plaud', args, { encoding: 'utf8' });

Recommendation

Use CLI/export actions only when you intend to export a recording, keep the Plaud CLI installation trusted, and choose normal scoped output folders.

What this means

Authenticated Plaud tools can list and read your Plaud recordings, summaries, notes, and transcripts.

Why it was flagged

The skill uses delegated Plaud account authentication to access recordings. This is expected for the integration and is disclosed, but it gives the agent access to private account data.

Skill content

If unauthenticated: 1. Run `plaud__login` for MCP auth. 2. If CLI auth is needed, run `plaud login`.

Recommendation

Authenticate only the intended Plaud account, ask for specific recordings or date ranges when possible, and log out or revoke access if you no longer use the skill.

What this means

Future versions of the external Plaud packages may behave differently from the version reviewed here.

Why it was flagged

The setup documentation pulls external Plaud MCP/CLI packages using @latest. This is user-directed and purpose-aligned, but unpinned external packages can change over time.

Skill content

openclaw mcp set plaud '{"command":"npx","args":["-y","@plaud-ai/mcp@latest"]}' ... npm install -g @plaud-ai/cli@latest

Recommendation

Install Plaud MCP/CLI only from trusted sources, consider pinning known-good versions, and inspect package provenance before authenticating.

What this means

Anyone who is allowed to use the configured Telegram bot command could request Plaud recording information through that channel.

Why it was flagged

The skill can expose Plaud transcript and summary workflows through a Telegram bot command. This is disclosed and purpose-aligned, but private recording content may be returned over that channel.

Skill content

This skill supports a single Telegram command shape ... `/plaud transcript [target]`: fetch transcript or explain if unavailable

Recommendation

Restrict Telegram bot access to trusted users/chats and avoid enabling this command in shared groups unless that is intended.

Findings (1)

critical

suspicious.dangerous_exec

Location

scripts/plaud-export.js:15

Finding

Shell command execution detected (child_process).