Shell command execution detected (child_process).
- Code
- suspicious.dangerous_exec
- Location
- dist/index.js:43
- Evidence
runChild = spawn(process.execPath, [agentScript, "run", "--base", base], {
Security audit
Security checks across malware telemetry and agentic risk
ClawWatch appears to do what it claims: run a background telemetry agent that reports OpenClaw/node metrics to a ClawWatch server.
Install this only if you are comfortable sending node telemetry such as CPU, memory, disk/GPU data, local IP/region-style metadata, token usage, and OpenClaw status information to the ClawWatch Worker at `https://cw.osglab.win` or your configured Worker. The main behavior matches the description, but note the small metadata inconsistencies and that the provided `src/agent.mjs` content was truncated in the review data, so this assessment has medium—not high—confidence.
VirusTotal engine telemetry is currently stale for this artifact.
Detected: suspicious.dangerous_exec, suspicious.env_credential_access
runChild = spawn(process.execPath, [agentScript, "run", "--base", base], {const out = execSync('df -h / | tail -1', { timeout: 5000 }).toString().trim();runChild = spawn(process.execPath, [agentScript, 'run', '--base', base], {const LANG = (process.env.OPENCLAW_LANG || Intl.DateTimeFormat().resolvedOptions().locale || 'en')