Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- src/acp/client.ts:562
- Evidence
const watchdog = spawn(process.execPath, [
Security audit
Security checks across malware telemetry and agentic risk
ClawSpec is a coherent project-workflow plugin, but it deserves review because it can auto-install toolchain packages and run a persistent background coding worker with broad default execution approval.
Review the configured ACP worker and permission mode before using cs-work. Install only if you are comfortable with the plugin running background implementation agents, writing project-local state, and potentially auto-installing OpenSpec/acpx tooling; prefer pinned dependencies and restrictive approvals for sensitive repositories.
VirusTotal engine telemetry is currently stale for this artifact.
Detected: suspicious.dangerous_exec
const watchdog = spawn(process.execPath, [
const child = spawn(commandLabel, {return spawn(commandLabel, {