Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- scripts/set-reasoning-stream-remote.js:139
- Evidence
const child = spawn("ssh", [host, ...remoteArgs], {
Security audit
Security checks across malware telemetry and agentic risk
This appears to be a disclosed Enterprise WeChat integration, but it gives OpenClaw meaningful messaging, credential, file-media, and dynamic-agent authority that users should configure carefully.
Before installing, confirm you want OpenClaw to connect to Enterprise WeChat, receive messages, send replies/files, and optionally create dynamic agents. Use narrow WeCom credentials, restrict allowed users/groups and media roots, and avoid running the remote SSH scripts unless you intentionally need those maintenance operations.
VirusTotal engine telemetry is currently stale for this artifact.
Detected: suspicious.dangerous_exec, suspicious.env_credential_access
const child = spawn("ssh", [host, ...remoteArgs], {const result = spawnSync("ssh", [options.host, remoteCommand], {const result = spawnSync("ssh", [options.host, remoteCommand], {const stateDir = String(process.env.OPENCLAW_STATE_DIR ?? "").trim();
const stateDir = String(process.env.OPENCLAW_STATE_DIR ?? "").trim();
process.env.WECOM_EGRESS_PROXY_URL || ""