Back to plugin

Security audit

Task Notifier

Security checks across malware telemetry and agentic risk

Overview

Task Notifier appears to be a coherent desktop-notification plugin, but it does run local OS commands as a startup plugin and asks users to bypass OpenClaw's unsafe-install warning.

This looks reasonable for a desktop notifier, but it is not just documentation if you install the runtime plugin. It will run at startup, execute local OS notification commands, check active window titles, and write small state files in workspaces. Review the source, understand the --dangerously-force-unsafe-install flag, and use the documented filters if you do not want it watching all agents.

VirusTotal

61/61 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
src/index.js:182
Evidence
execFileSync(SHARED_SCRIPT, args, {

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
src/index.ts:269
Evidence
execFileSync(SHARED_SCRIPT, args, {