Back to plugin

Security audit

WebDAV

Security checks across malware telemetry and agentic risk

Overview

This is a coherent WebDAV plugin that openly exposes a configured OpenClaw workspace to authenticated WebDAV clients, so the main risk is expected remote file access.

Install this only if you want WebDAV clients to access your OpenClaw workspace. Before enabling it, confirm the rootPath, consider readOnly mode, use HTTPS or a private network, and protect the gateway token/password used by WebDAV clients.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec, suspicious.exposed_secret_literal

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
.conformance/run-litmus.ts:85
Evidence
const result = spawnSync("litmus", litmusArgs, {

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
.conformance/run-litmus.ts:112
Evidence
? { user: target.litmusUser, password: [REDACTED] }

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
test/adapter/routes.adapter.spec.ts:118
Evidence
gateway: { auth: { mode: "password", password: [REDACTED] } },