Security audit

OpenClaw Skill Plaud Note Taking

Security checks across malware telemetry and agentic risk

Overview

This Plaud skill is a disclosed note-taking integration that accesses private Plaud recordings only for expected listing, summarizing, transcript, and export workflows.

Install this only if you intend to let OpenClaw access your Plaud recordings. Authenticate the intended Plaud account, keep Telegram bot access limited to trusted chats, prefer specific recording IDs or date ranges, and consider pinning or reviewing the external Plaud MCP/CLI packages instead of relying on @latest.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code: suspicious.dangerous_exec
Location: scripts/plaud-export.js:15