Shell command execution detected (child_process).
- Code
- suspicious.dangerous_exec
- Location
- dist/cli/guild.js:732
- Evidence
const statusJson = execSync("npx supabase status --output json 2>/dev/null", { encoding: "utf-8" });
Security audit
Security checks across malware telemetry and agentic risk
The visible code matches the broad multi-user memory/auth platform it describes, but installing it means letting it read conversation context and use Supabase/gateway credentials.
This looks internally coherent for an organization-wide memory/auth plugin, but it is powerful by design. Install it only if you want Guild to run inside the OpenClaw gateway, read conversation/session context, store extracted facts in Supabase, and use Supabase credentials including a possible service-role key for setup. Verify that the configured Supabase URL is yours, protect the service-role key carefully, and review the omitted/truncated files or upstream repository before production use because confidence is limited by incomplete source visibility here.
VirusTotal engine telemetry is currently stale for this artifact.
Detected: suspicious.dangerous_exec, suspicious.env_credential_access, suspicious.exposed_secret_literal (+1 more)
const statusJson = execSync("npx supabase status --output json 2>/dev/null", { encoding: "utf-8" });|| process.env.SUPABASE_SERVICE_ROLE_KEY
accessToken: [REDACTED],
body: JSON.stringify({ email: agentCreds.email, password: [REDACTED] }),apikey: [REDACTED],
apikey: [REDACTED],
token = await getAgentToken({ agentId, platformUuid: agentCreds.uuid, email: agentCreds.email, password: [REDACTED], legacyJwt: agentCreds.jwt }, pluginConfig);const apikey = [REDACTED];
const raw = await readFile(sessionFile, "utf-8");