Shell command execution detected (child_process).
- Code
- suspicious.dangerous_exec
- Location
- dashboard-dist/api/index.js:889
- Evidence
var match = FIRST_CHAR_REGEXP.exec(str)
Security audit
Security checks across malware telemetry and agentic risk
Prompt-injection indicators were detected in the submitted artifacts (ignore-previous-instructions, system-prompt-override, unicode-control-chars); human review is required before treating this skill as clean.
Install MoltGuard only if you want a security gateway with broad visibility into OpenClaw activity. After installing, review the local gateway setting, Core API URL, API key handling, autoscan setting, and dashboard logs, especially before using it with confidential workspaces. ClawScan detected prompt-injection indicators (ignore-previous-instructions, system-prompt-override, unicode-control-chars), so this skill requires review even though the model response was benign.
VirusTotal engine telemetry is currently stale for this artifact.
Detected: suspicious.dangerous_exec, suspicious.destructive_delete_command, suspicious.dynamic_code_execution (+2 more)
var match = FIRST_CHAR_REGEXP.exec(str)
rm -rf ~/.openclaw/credentials/moltguard
var deprecatedfn = new Function('fn', 'log', 'deprecate', 'message', 'site',const apiKey = [REDACTED]();
const password = [REDACTED];
password: [REDACTED](urlObj.password),
const bearerToken = [REDACTED]?.replace("Bearer ", "");apiKey: [REDACTED],
apiKey: [REDACTED]?.apiKey ?? "",
- "Ignore previous instructions" patterns