Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- dist/index.mjs:3960
- Evidence
const match = TRACE_PARENT_REGEX.exec(traceParent);
Security audit
Security checks across malware telemetry and agentic risk
This is a disclosed telemetry plugin that sends OpenClaw agent identity and operational metrics to a configured Trovis endpoint, with sensitive content capture off by default.
Install only if you are comfortable sending agent identity files and telemetry to the configured Trovis endpoint. Review SOUL.md, IDENTITY.md, and AGENTS.md for secrets before enabling; keep readUserData and captureOutputs off unless you trust the endpoint and need those richer diagnostics.
62/62 vendors flagged this plugin as clean.
Detected: suspicious.dangerous_exec, suspicious.env_credential_access, suspicious.exposed_secret_literal (+1 more)
const match = TRACE_PARENT_REGEX.exec(traceParent);
const processEnv = (0, environment_1.parseEnvironment)(process.env);
privateKey: [REDACTED]
const result = await fs_1.promises.readFile("/etc/hostid", { encoding: "utf8" });