Shell command execution detected (child_process).
- Code
- suspicious.dangerous_exec
- Location
- dist/auth.js:119
- Evidence
execFile(cmd, args, (err) => {
Security audit
Security checks across malware telemetry and agentic risk
This payments plugin is coherent, but it needs Review because it can send payment tokens and prompts to caller-supplied agent URLs without strong destination controls.
Install only if you trust the Nevermined integration and will control which agent URLs are used. Prefer browser login or a protected secret store over pasting API keys in chat or committing them to openclaw.json. Use HTTPS agent URLs, verify the destination really belongs to the intended paid agent, and avoid sending sensitive prompts or payment tokens to untrusted endpoints.
2/60 vendors flagged this plugin as malicious, and 58/60 flagged it as clean.
Detected: suspicious.dangerous_exec, suspicious.exposed_secret_literal
execFile(cmd, args, (err) => {return result({ accessToken: [REDACTED] });