Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- dist/runtime.js:451
- Evidence
const r = spawnSync("ows", ["--version"], { encoding: "utf8", timeout: 5000 });
Security audit
Security checks across malware telemetry and agentic risk
This appears to be a real StablePay wallet/payment plugin, but it grants broad wallet-signing and payment authority that users should review carefully before enabling.
Install only if you intend to give OpenClaw wallet-signing and StablePay payment capabilities. Use trusted backends, keep auto-payment thresholds minimal, protect the master key and OWS credentials, and require manual approval for raw signing or payment execution.
VirusTotal engine telemetry is currently stale for this artifact.
Detected: suspicious.dangerous_exec, suspicious.env_credential_access, suspicious.install_untrusted_source
const r = spawnSync("ows", ["--version"], { encoding: "utf8", timeout: 5000 });const r = spawnSync("ows", ["--version"], { encoding: "utf8", timeout: 5000 });const token = process.env[this.cfg.owsRestApiKeyEnv];
const PORT = Number(process.env.PORT || 8787);
const token = process.env[this.cfg.owsRestApiKeyEnv];
"backendBaseUrl": "http://127.0.0.1:28080",
"default": "http://127.0.0.1:8080",