Shell command execution detected (child_process).
Critical
- Code: suspicious.dangerous_exec
- Location: src/index.js:182
- Evidence: execFileSync(SHARED_SCRIPT, args, {
Security audit
Security checks across malware telemetry and agentic risk
Task Notifier appears to be a coherent desktop-notification plugin, but it does run local OS commands as a startup plugin and asks users to bypass OpenClaw's unsafe-install warning.
This looks reasonable for a desktop notifier, but it is not just documentation if you install the runtime plugin. It will run at startup, execute local OS notification commands, check active window titles, and write small state files in workspaces. Review the source, understand the --dangerously-force-unsafe-install flag, and use the documented filters if you do not want it watching all agents.
61/61 vendors flagged this plugin as clean.
Detected: suspicious.dangerous_exec
execFileSync(SHARED_SCRIPT, args, {