Dangerous exec
Critical
- Finding
- Shell command execution detected (child_process).
- Skill content
execSync("npm run build", { cwd: root, stdio: "inherit", shell: true });
GotoPlan Manager
Security checks across static analysis, malware telemetry, and agentic risk
Overview
No artifact-backed suspicious behavior could be established from the available review context, but the local artifact files could not be inspected in this run.
Installers should still review the actual SKILL.md, metadata, and package contents before use, especially because this run could not inspect local artifact files directly.
Static analysis
Dangerous exec
Critical
- Finding
- Shell command execution detected (child_process).
- Skill content
child = execFile('openclaw', args, {
Destructive delete command
Warn
- Finding
- Documentation contains a destructive delete command without an explicit confirmation gate.
- Skill content
rm -rf ~/.openclaw/plugins/gotoplan-manager
VirusTotal
No VirusTotal findings
Risk analysis
No visible risk-analysis findings were reported for this release.