Shell command execution detected (child_process).
- Code
- suspicious.dangerous_exec
- Location
- dist/router-bridge.js:281
- Evidence
require('node:child_process').execFileSync(cmd, ['--version'], {
Security audit
Security checks across malware telemetry and agentic risk
Prompt-injection indicators were detected in the submitted artifacts (system-prompt-override); human review is required before treating this skill as clean.
This skill looks coherent for automatic benchmark-based model routing, but it is powerful. Before installing, confirm that you want `openmark/auto` to become your default route, that Python subprocess execution is acceptable, and that your configured providers/fallbacks are suitable for the prompts and conversation context you use in OpenClaw. ClawScan detected prompt-injection indicators (system-prompt-override), so this skill requires review even though the model response was benign.
VirusTotal engine telemetry is currently stale for this artifact.
Detected: suspicious.dangerous_exec
require('node:child_process').execFileSync(cmd, ['--version'], {