Back to plugin

Security audit

Guild

Security checks across malware telemetry and agentic risk

Overview

The visible code matches the broad multi-user memory/auth platform it describes, but installing it means letting it read conversation context and use Supabase/gateway credentials.

This looks internally coherent for an organization-wide memory/auth plugin, but it is powerful by design. Install it only if you want Guild to run inside the OpenClaw gateway, read conversation/session context, store extracted facts in Supabase, and use Supabase credentials including a possible service-role key for setup. Verify that the configured Supabase URL is yours, protect the service-role key carefully, and review the omitted/truncated files or upstream repository before production use because confidence is limited by incomplete source visibility here.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec, suspicious.env_credential_access, suspicious.exposed_secret_literal (+1 more)

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
dist/cli/guild.js:732
Evidence
const statusJson = execSync("npx supabase status --output json 2>/dev/null", { encoding: "utf-8" });

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
dist/cli/guild.js:113
Evidence
|| process.env.SUPABASE_SERVICE_ROLE_KEY

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/auth.js:69
Evidence
accessToken: [REDACTED],

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/cli/guild.js:469
Evidence
body: JSON.stringify({ email: agentCreds.email, password: [REDACTED] }),

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/hooks/auto-capture.js:135
Evidence
apikey: [REDACTED],

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/hooks/compaction-flush.js:136
Evidence
apikey: [REDACTED],

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/lib/auto-recall.js:47
Evidence
token = await getAgentToken({ agentId, platformUuid: agentCreds.uuid, email: agentCreds.email, password: [REDACTED], legacyJwt: agentCreds.jwt }, pluginConfig);

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/lib/user-resolver.js:26
Evidence
const apikey = [REDACTED];

Sensitive-looking file read is paired with a network send.

Warn
Code
suspicious.potential_exfiltration
Location
dist/hooks/compaction-flush.js:39
Evidence
const raw = await readFile(sessionFile, "utf-8");