Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- dist/src/proxy-manager.js:83
- Evidence
const proc = spawn(binary, args, {
Security audit
Security checks across malware telemetry and agentic risk
This is a credential-proxy plugin with powerful but clearly disclosed behavior that fits its stated purpose.
Install this only if you want Aquaman to manage credential routing for selected services. Review the configured services list, use a trusted aquaman-proxy version, and disable auto-generated auth profiles if you manage OpenClaw authentication manually.
61/61 vendors flagged this plugin as clean.
Detected: suspicious.dangerous_exec
const proc = spawn(binary, args, {