Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- src/backchannel-server.test.ts:30
- Evidence
const child = spawn(process.execPath, [serverPath], {
Security audit
Security checks across malware telemetry and agentic risk
This appears to be what it claims—a Codex runtime for OpenClaw—but it gives Codex a configurable backchannel into OpenClaw that users should understand before enabling.
Install this only if you want Codex to become an OpenClaw runtime and to receive OpenClaw context through the backchannel. Keep inheritEnv disabled unless you have a specific reason, keep backchannel allowedMethods/readMethods narrow, do not set apiKeyEnv to an unrelated secret, and only use --auth none on loopback test gateways as the docs warn.
VirusTotal engine telemetry is currently stale for this artifact.
Detected: suspicious.dangerous_exec, suspicious.exposed_secret_literal
const child = spawn(process.execPath, [serverPath], {...([REDACTED] ? { password: [REDACTED] } : {}),process.env.GITHUB_TOKEN = "[REDACTED]";