Shell command execution detected (child_process).
- Code
- suspicious.dangerous_exec
- Location
- index.js:47
- Evidence
daemonProcess = execFile(PYTHON, [daemonScript, "--daemon"], {
Security audit
Security checks across malware telemetry and agentic risk
This package mostly does what it advertises, but it installs a broad autonomous agent layer with persistent scheduled jobs, workspace-wide scans, code execution, and file-moving cleanup behavior that needs careful review before use.
Review this carefully before installing. It is not flagged as malicious, but installing it means allowing a community package to run code during bootstrap, deploy many Python engines into your OpenClaw workspace, scan and index local memory/skills/configuration, register recurring jobs, and perform automatic cleanup/archival actions. Use it only in a workspace where you are comfortable with persistent automation, and verify how to disable cron jobs, remove state files, and prevent remote embedding use before enabling it on sensitive data.
59/59 vendors flagged this plugin as clean.
Detected: suspicious.dangerous_exec
daemonProcess = execFile(PYTHON, [daemonScript, "--daemon"], {