critical
suspicious.dangerous_exec
- Location
- scripts/install-sidecar.mjs:50
- Finding
- Shell command execution detected (child_process).
- Evidence
const result = spawnSync(command, args, {
Delta-Mem MLX
AdvisoryAudited by Static analysis on May 17, 2026.
Overview
Detected: suspicious.dangerous_exec, suspicious.install_untrusted_source
Findings (3)
critical
suspicious.dangerous_exec
- Location
- scripts/start-sidecar.mjs:85
- Finding
- Shell command execution detected (child_process).
- Evidence
const child = spawn(python, [
warn
suspicious.install_untrusted_source
- Location
- openclaw.plugin.json:13
- Finding
- Install source points to URL shortener or raw IP.
- Evidence
"default": "http://127.0.0.1:8765",