Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- dist/src/gui/service.js:441
- Evidence
const match = /^data:image\/([\w+-]+);base64,/.exec(dataUri);
Security audit
Security checks across malware telemetry and agentic risk
The plugin largely matches its stated purpose, but its iPhone bridge exposes powerful OpenClaw access with weak and over-disclosed token handling.
Review before installing. Use only on a trusted machine and trusted network, do not expose the bridge port to a LAN or internet you do not control, and treat the iPhone connection line like a password. Prefer a version that requires the full token, avoids returning the token in general profile data, and uses a tighter local-only or explicitly secured transport.
61/61 vendors flagged this plugin as clean.
Detected: suspicious.dangerous_exec, suspicious.exposed_secret_literal
const match = /^data:image\/([\w+-]+);base64,/.exec(dataUri);
authToken: [REDACTED],