Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- openclaw-wrapper.js:10
Security audit
Security checks across malware telemetry and agentic risk
The Tavily search skill is mostly purpose-aligned, but it includes an undocumented wrapper that can turn a search query into local shell command execution.
Review or remove openclaw-wrapper.js before installing. The direct search.mjs and extract.mjs scripts are straightforward Tavily API clients, but use a dedicated Tavily API key and avoid sending confidential queries, private URLs, or internal resources to Tavily.
64/64 vendors flagged this skill as clean.
Detected: suspicious.dangerous_exec