Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- scripts/install-openclaw-extension.mjs:143
- Evidence
const child = spawn(process.execPath, [scriptPath, ...args], {
Security audit
Security checks across malware telemetry and agentic risk
No artifact-backed suspicious behavior was identified from the accessible evidence, but the workspace artifacts could not be inspected in this run.
Treat this as an incomplete review result: VirusTotal telemetry alone is stale and not enough to justify a hold, but the artifact files should be inspected successfully before installation.
VirusTotal engine telemetry is currently stale for this artifact.
Detected: suspicious.dangerous_exec, suspicious.exposed_secret_literal
const child = spawn(process.execPath, [scriptPath, ...args], {api_key = [REDACTED]("WAHA_API_KEY", session_name)const apiKey = [REDACTED];
const apiKey = [REDACTED];