Shell command execution detected (child_process).
- Code
- suspicious.dangerous_exec
- Location
- dist/src/providers/tock/trg.js:42
- Evidence
const child = spawn(bin, args, { stdio: ["ignore", "pipe", "pipe"] });
Security audit
Security checks across malware telemetry and agentic risk
This reservation skill is transparent about most behavior, but it needs review because it can use sensitive account tokens and one OpenClaw tool can queue unattended real bookings without the documented opt-in gate.
Review before installing. Use it only if you are comfortable giving the plugin access to reservation-account tokens/cookies and allowing it to create or cancel real reservations. Avoid enabling sniping or OpenTable/Tock site automation unless you understand the unattended-booking and terms-of-service risks; verify the OpenClaw schedule_snipe gate before relying on the documented opt-in behavior.
60/60 vendors flagged this plugin as clean.
Detected: suspicious.dangerous_exec
const child = spawn(bin, args, { stdio: ["ignore", "pipe", "pipe"] });const child = spawn(bin, args, { stdio: ["ignore", "pipe", "pipe"] });