Shell command execution detected (child_process).
- Code
- suspicious.dangerous_exec
- Location
- src/client.ts:660
- Evidence
const child = spawn(this.command, ["app-server", ...this.args], {
Security audit
Security checks across malware telemetry and agentic risk
This appears to be a real OpenClaw-to-Codex bridge, and its powerful behaviors match what it says it does.
Install this only if you want Telegram or Discord conversations to control your local Codex threads. Be especially careful with bound chats and the Full Access/yolo permission controls, because they can allow Codex to act more freely in the selected workspace. Also verify any configured WebSocket URL, auth token, headers, command, and args are ones you trust. Confidence is medium because some source files were truncated or omitted in the provided artifact, but the visible code and documentation are internally consistent.
VirusTotal engine telemetry is currently stale for this artifact.
Detected: suspicious.dangerous_exec
const child = spawn(this.command, ["app-server", ...this.args], {