Back to plugin
Pluginv1.3.14
Static analysis security
ClawWatch · Deterministic local checks for risky code patterns and metadata mismatches.
Scanner verdict
SuspiciousApr 26, 2026, 12:24 PM
- Summary
- Detected: suspicious.dangerous_exec, suspicious.env_credential_access, suspicious.potential_exfiltration
- Reason codes
- suspicious.dangerous_execsuspicious.env_credential_accesssuspicious.potential_exfiltration
- Engine
- v2.4.0
Evidence
criticaldist/index.js:43
Shell command execution detected (child_process).
runChild = spawn(process.execPath, [agentScript, "run", "--base", base], {criticalsrc/agent.mjs:226
Shell command execution detected (child_process).
const out = execSync('df -h / | tail -1', { timeout: 5000 }).toString().trim();criticalsrc/index.ts:63
Shell command execution detected (child_process).
runChild = spawn(process.execPath, [agentScript, 'run', '--base', base], {criticalsrc/agent.mjs:43
Environment variable access combined with network send.
const LANG = (process.env.OPENCLAW_LANG || Intl.DateTimeFormat().resolvedOptions().locale || 'en')
warnsrc/agent.mjs:68
File read combined with network send (possible exfiltration).
const raw = fs.readFileSync(p, 'utf8');