Back to plugin

Security audit

WeCanBot Base

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real WeCanBot/OpenClaw orchestration plugin, but it asks for unsafe installation and includes broad runtime code-loading, local server, tool/gateway, and credential-handling behavior that users should review carefully.

Treat this as a powerful local orchestration plugin, not a simple prompt pack. Install only if you trust WeCanBot and are comfortable with a persistent local UI server, local auth-state use, dynamic app/workflow execution, and unsafe-install flags; test it in an isolated OpenClaw profile if possible.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec, suspicious.dynamic_code_execution, suspicious.env_credential_access (+3 more)

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
dist/index.js:189
Evidence
uiProcess = spawn('node', ['server.js'], {

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
dist/ui/lib/browser-device-approval.ts:100
Evidence
const listed = String(exec('openclaw', listArgs, {

Dynamic code execution detected.

Critical
Code
suspicious.dynamic_code_execution
Location
dist/ui/lib/app-installer.ts:50
Evidence
const dynamicImport = new Function('url', 'return import(url)') as (url: string) => Promise<Record<string, unknown>>;

Dynamic code execution detected.

Critical
Code
suspicious.dynamic_code_execution
Location
dist/ui/lib/cs-task.ts:44
Evidence
const dynamicImport = new Function('url', 'return import(url)') as (url: string) => Promise<Record<string, unknown>>;

Dynamic code execution detected.

Critical
Code
suspicious.dynamic_code_execution
Location
dist/ui/workflows/dynamic-import.ts:6
Evidence
const dynamicImportModule = new Function(

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
dist/ui/.next/server/app/api/apps/[appId]/install/route.js:1
Evidence
"use strict";(()=>{var a={};a.id=7371,a.ids=[7371],a.modules={261:a=>{a.exports=require("next/dist/shared/lib/router/utils/app-paths")},1932:a=>{a.exports=requi...

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
dist/ui/.next/server/app/api/apps/route.js:1
Evidence
"use strict";(()=>{var a={};a.id=3374,a.ids=[3374],a.modules={261:a=>{a.exports=require("next/dist/shared/lib/router/utils/app-paths")},1932:a=>{a.exports=requi...

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
dist/ui/.next/server/app/page.js:6
Evidence
\`\`\``:b,subtype:"toolCall"})}}if("toolResult"===b&&void 0!==a.result&&null!==a.result){let b;(b="string"==typeof a.result?a.result.trim():JSON.stringify(a.res...

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
dist/ui/.next/server/chunks/3445.js:1
Evidence
exports.id=3445,exports.ids=[3445],exports.modules={6634:(a,b)=>{"use strict";Object.defineProperty(b,"__esModule",{value:!0});var c={indexOfUint8Array:function...

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
dist/ui/.next/server/chunks/63.js:13
Evidence
Original Message: ${d}`);console.error(`Route ${b} errored during ${c}. These errors are normally ignored and may not prevent the route from prerendering but ar...

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
dist/ui/.next/server/chunks/9608.js:2
Evidence
`,"utf8")}function n(a=h.XP){let b=k(a),c=i(l(a).WECANBOT_SERVER_API_TOKEN);if(!c)throw Error(`WECANBOT_SERVER_API_TOKEN is required in ${b}`);return c}function...

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
dist/ui/lib/openclaw.ts:7
Evidence
process.env.WS_NO_BUFFER_UTIL = '1';

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/ui/.next/static/chunks/9397-48d0ceb382c67c61.js:1
Evidence
"use strict";(self.webpackChunk_N_E=self.webpackChunk_N_E||[]).push([[9397],{55:(e,t,n)=>{n.d(t,{B:()=>a});var r=n(2835),i=n(4294);let a={partial:!0,tokenize:fu...

Potential obfuscated payload detected.

Warn
Code
suspicious.obfuscated_code
Location
dist/ui/.next/server/app/page.js:1
Evidence
(()=>{var a={};a.id=8974,a.ids=[8974],a.modules={261:a=>{"use strict";a.exports=require("next/dist/shared/lib/router/utils/app-paths")},1708:a=>{"use strict";a....

Potential obfuscated payload detected.

Warn
Code
suspicious.obfuscated_code
Location
dist/ui/.next/static/chunks/9397-48d0ceb382c67c61.js:1
Evidence
"use strict";(self.webpackChunk_N_E=self.webpackChunk_N_E||[]).push([[9397],{55:(e,t,n)=>{n.d(t,{B:()=>a});var r=n(2835),i=n(4294);let a={partial:!0,tokenize:fu...

Sensitive-looking file read is paired with a network send.

Warn
Code
suspicious.potential_exfiltration
Location
dist/ui/.next/server/chunks/9608.js:9
Evidence
`,{mode:384}),this.identity=f,f}readStoredDeviceToken(){try{if(!e().existsSync(this.deviceAuthPath))return null;let a=JSON.parse(e().readFileSync(this.deviceAut...

Sensitive-looking file read is paired with a network send.

Warn
Code
suspicious.potential_exfiltration
Location
dist/ui/lib/openclaw.ts:698
Evidence
const parsed = JSON.parse(fs.readFileSync(this.deviceAuthPath, 'utf8')) as DeviceAuthState;