Back to plugin

Security audit

ClawSpec

Security checks across malware telemetry and agentic risk

Overview

ClawSpec is a coherent project-workflow plugin, but it deserves review because it can auto-install toolchain packages and run a persistent background coding worker with broad default execution approval.

Review the configured ACP worker and permission mode before using cs-work. Install only if you are comfortable with the plugin running background implementation agents, writing project-local state, and potentially auto-installing OpenSpec/acpx tooling; prefer pinned dependencies and restrictive approvals for sensitive repositories.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
src/acp/client.ts:562
Evidence
const watchdog = spawn(process.execPath, [

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
src/openspec/cli.ts:106
Evidence
const child = spawn(commandLabel, {

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
src/utils/shell-command.ts:21
Evidence
return spawn(commandLabel, {