Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- dist/src/runtime/services.js:65
- Evidence
const child = spawn(nodeBin, [bridgePath], {
Security audit
Security checks across malware telemetry and agentic risk
This plugin’s bridge purpose is clear, but its setup grants persistent local execution and broad Emperor API authority with under-scoped secret handling and remote code execution during bootstrap.
Install only if you trust the publisher and the configured Emperor API host to deliver executable code. Use a narrowly scoped, revocable token, expect a persistent local bridge service, review the companion directory and .env permissions, and rotate the token if the bridge has already exposed it to model prompts or logs.
61/61 vendors flagged this plugin as clean.
Detected: suspicious.dangerous_exec, suspicious.env_credential_access
const child = spawn(nodeBin, [bridgePath], {const child = spawn(nodeBin, [bridgePath], {emperorTokenPresent: Boolean(process.env.EMPEROR_API_TOKEN || process.env.EMPEROR_CLAW_API_TOKEN),
return process.env.OPENCLAW_HOME || path.join(os.homedir(), ".openclaw");
const envApiUrl = String(process.env.EMPEROR_API_URL || process.env.EMPEROR_CLAW_API_URL || "").trim();
const API_URL = process.env.EMPEROR_CLAW_API_URL || "https://emperorclaw.malecu.eu";
emperorTokenPresent: Boolean(process.env.EMPEROR_API_TOKEN || process.env.EMPEROR_CLAW_API_TOKEN),
return process.env.OPENCLAW_HOME || path.join(os.homedir(), ".openclaw");
const envApiUrl = String(process.env.EMPEROR_API_URL || process.env.EMPEROR_CLAW_API_URL || "").trim();