Shell command execution detected (child_process).
Critical
- Code: suspicious.dangerous_exec
- Location: dist/deps-BVWGd2XS.js:52
- Evidence: const proc = spawn(command, args, {
Security audit
Security checks across malware telemetry and agentic risk
This is a coherent official Matrix channel plugin that uses Matrix credentials, local state, and message actions for its stated chat-integration purpose.
Install only if you intend to let OpenClaw operate a Matrix account. Use a dedicated bot account when possible, restrict rooms and DM senders with allowlists, keep auto-join limited, and protect the OpenClaw state directory because it may contain Matrix tokens and encryption state.
59/59 vendors flagged this plugin as clean.
Detected: suspicious.dangerous_exec
const proc = spawn(command, args, {