Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- .conformance/run-litmus.ts:85
- Evidence
const result = spawnSync("litmus", litmusArgs, {
Security audit
Security checks across malware telemetry and agentic risk
This is a coherent WebDAV plugin that openly exposes a configured OpenClaw workspace to authenticated WebDAV clients, so the main risk is expected remote file access.
Install this only if you want WebDAV clients to access your OpenClaw workspace. Before enabling it, confirm the rootPath, consider readOnly mode, use HTTPS or a private network, and protect the gateway token/password used by WebDAV clients.
VirusTotal engine telemetry is currently stale for this artifact.
Detected: suspicious.dangerous_exec, suspicious.exposed_secret_literal
const result = spawnSync("litmus", litmusArgs, {? { user: target.litmusUser, password: [REDACTED] }gateway: { auth: { mode: "password", password: [REDACTED] } },