Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- dist/index.js:42
- Evidence
const which = execSync('which orca', { encoding: 'utf-8', stdio: ['pipe', 'pipe', 'ignore'] });
Security audit
Security checks across malware telemetry and agentic risk
This appears to be a real Orca guardrails integration, but it should be reviewed because its docs repeatedly tell users to bypass OpenClaw's plugin scanner while the plugin forwards tool events to a local executable.
Install only if you already trust the Orca binary on your PATH and the source-linked package. Treat `--dangerously-force-unsafe-install` as a manual review decision, not a normal install step. Expect Orca to receive tool-call details and to be able to block tool execution; no remote telemetry or plugin-side persistence was observed.
60/60 vendors flagged this plugin as clean.
Detected: suspicious.dangerous_exec
const which = execSync('which orca', { encoding: 'utf-8', stdio: ['pipe', 'pipe', 'ignore'] });