Back to plugin

Security audit

Orca

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Orca guardrails integration, but it should be reviewed because its docs repeatedly tell users to bypass OpenClaw's plugin scanner while the plugin forwards tool events to a local executable.

Install only if you already trust the Orca binary on your PATH and the source-linked package. Treat `--dangerously-force-unsafe-install` as a manual review decision, not a normal install step. Expect Orca to receive tool-call details and to be able to block tool execution; no remote telemetry or plugin-side persistence was observed.

VirusTotal

60/60 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
dist/index.js:42
Evidence
const which = execSync('which orca', { encoding: 'utf-8', stdio: ['pipe', 'pipe', 'ignore'] });