Documentation contains a destructive delete command without an explicit confirmation gate.
Warn
- Code
- suspicious.destructive_delete_command
- Location
- CHANGELOG.md:56
- Evidence
rm -rf ~/.openclaw/extensions/bee-push-email
Security audit
Security checks across malware telemetry and agentic risk
This email-notification plugin mostly matches its purpose, but its auto-reply implementation can bypass the promised approval behavior in ask mode.
Review this skill carefully before installing. Use an app-specific email password, lock down your OpenClaw config file, keep auto-reply off unless you fully trust the rules, and avoid `reply` or `agent_command` rules until the ask-mode approval and email-content containment issues are fixed.
VirusTotal engine telemetry is currently stale for this artifact.
Detected: suspicious.destructive_delete_command
rm -rf ~/.openclaw/extensions/bee-push-email
rm -rf ~/.openclaw/extensions/bee-push-email