Back to plugin

Security audit

OrgX for OpenClaw

Security checks across malware telemetry and agentic risk

Overview

OrgX appears aligned with its memory and coordination purpose, but it adds persistent cross-agent state and broad local command execution that users should review carefully before installing.

Before installing, decide whether you want OrgX to store and sync organizational context across agents and sessions. Use it only in trusted workspaces, review the local credential/state files, verify dashboard and terminal-command protections, and enable MCP auto-configuration, managed agent suite provisioning, telemetry, or watchdog behavior only if you need them.

VirusTotal

66/66 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec, suspicious.env_credential_access, suspicious.exposed_secret_literal

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
dist/gateway-watchdog.js:86
Evidence
const child = spawn(input.command, input.args, {

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
dist/http/helpers/autopilot-runtime.js:212
Evidence
const child = spawn("node", [scriptPath], {

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
dist/http/helpers/autopilot-slice-utils.js:669
Evidence
const result = spawnSync(trimmed, ["--version"], {

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
dist/http/helpers/openclaw-cli.js:22
Evidence
const child = spawn(input.command, input.args, {

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
dist/http/routes/live-legacy.js:367
Evidence
cp.exec(command, (error) => {

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
dist/http/routes/live-terminal.js:75
Evidence
exec(cmd, (err) => {

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
dist/stores/sqlite-state.js:89
Evidence
execFileSync(command, args, {

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
dist/auth/flows.js:31
Evidence
process.env.ORGX_DISABLE_MCP_CLIENT_AUTOCONFIG !== "1") {

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
dist/contracts/client.js:25
Evidence
const raw = process.env[name];

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
dist/gateway-watchdog.js:37
Evidence
const raw = (process.env[name] ?? "").trim();

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
dist/http/helpers/llm-client.js:52
Evidence
process.env.ORGX_LLM_API_KEY ?? "",

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
dist/telemetry/posthog.js:17
Evidence
const explicitEnable = isTruthyEnv(process.env.ORGX_TELEMETRY_ENABLED);

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/auth/flows.js:11
Evidence
apiKey: [REDACTED],

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/config/refresh.js:35
Evidence
apiKey: [REDACTED],

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/config/resolution.js:160
Evidence
const apiKey = [REDACTED];

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/telemetry/posthog.js:55
Evidence
const apiKey = [REDACTED]();