Shell command execution detected (child_process).
- Code
- suspicious.dangerous_exec
- Location
- dist/src/commands/upgrade.js:8
- Evidence
const result = execSync('which npm', {
Security audit
Security checks across malware telemetry and agentic risk
This appears to be a real Tencent YuanBao bot channel plugin, with credentials, WebSocket messaging, media handling, log submission, and upgrade features that mostly match what it claims to do.
Before installing, make sure you trust the publisher because this plugin will receive your YuanBao AppID/AppSecret and will handle bot conversations and media. Be aware that `/issue-log` can upload diagnostic logs, and the upgrade command may change the installed plugin version. I did not see clear internal incoherence in the provided files, but confidence is medium because many source files were omitted or truncated in the supplied artifact.
VirusTotal engine telemetry is currently stale for this artifact.
Detected: suspicious.dangerous_exec, suspicious.env_credential_access
const result = execSync('which npm', {const result = execSync('which openclaw', {|| process.env.logUploadApiUrl?.trim()