Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- scripts/release-check.ts:144
- Evidence
execFileSync(cmd, args, { cwd: ROOT, encoding: "utf8", stdio: ["ignore", "pipe", "pipe"], timeout: 180_000 });
Security audit
Security checks across malware telemetry and agentic risk
This safety plugin appears purpose-built and non-malicious, but it persistently records user/action metadata by default with incomplete disclosure and limited controls.
Install only if you are comfortable with a local safety plugin observing OpenClaw activity and writing audit/state metadata under ~/.openclaw. Review or override the audit and state settings before use, keep redaction enabled, and avoid using it in highly sensitive chats or environments unless you accept the local metadata trail.
61/61 vendors flagged this plugin as clean.
Detected: suspicious.dangerous_exec, suspicious.exposed_secret_literal
execFileSync(cmd, args, { cwd: ROOT, encoding: "utf8", stdio: ["ignore", "pipe", "pipe"], timeout: 180_000 });const stdout = execFileSync(cmd, args, { cwd: opts.cwd, encoding: "utf8", timeout: opts.timeoutMs ?? 10_000, stdio: ["ignore", "pipe", "pipe"] });const decision = decideOutboundMessage({ content: "api_key=[REDACTED]" }, config);const decision = decideOutboundMessage({ content: "api_key=[REDACTED]" }, config);