Back to plugin

Security audit

OpenClaw Shield

Security checks across malware telemetry and agentic risk

Overview

OpenClaw Shield appears purpose-built for security monitoring, but it deserves review because it includes automatic install/update code paths and sends monitoring data to an external Shield service.

Install only if you intend to run a background security-monitoring integration. Before enabling it, review the publisher and update mechanism, consider setting autoUpdate to `notify-only` or `false`, keep redaction enabled, try dry-run mode first, and protect the local Shield credential files.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
index.js:1478
Evidence
const list = execSync('openclaw cron list --json 2>/dev/null', { encoding: 'utf8' });