Back to plugin

Security audit

Atomic Waha V3

Security checks across malware telemetry and agentic risk

Overview

No artifact-backed suspicious behavior was identified from the accessible evidence, but the workspace artifacts could not be inspected in this run.

Treat this as an incomplete review result: VirusTotal telemetry alone is stale and not enough to justify a hold, but the artifact files should be inspected successfully before installation.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec, suspicious.exposed_secret_literal

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
scripts/install-openclaw-extension.mjs:143
Evidence
const child = spawn(process.execPath, [scriptPath, ...args], {

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
bin/atomic_waha_v3_cli.py:954
Evidence
api_key = [REDACTED]("WAHA_API_KEY", session_name)

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/src/client.js:442
Evidence
const apiKey = [REDACTED];

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
src/client.ts:698
Evidence
const apiKey = [REDACTED];