Openclaw Matrix 2026.5.20.Tgz

Security checks across static analysis, malware telemetry, and agentic risk

Overview

No risk analysis has been recorded yet.

Static analysis

Dangerous exec

Critical
Finding
Shell command execution detected (child_process).
Skill content
const proc = spawn(command, args, {

Exposed secret literal

Critical
Finding
File appears to expose a hardcoded API secret or token.
Skill content
accessToken: [REDACTED](entry.accessToken),

Exposed secret literal

Critical
Finding
File appears to expose a hardcoded API secret or token.
Skill content
accessToken: [REDACTED],

Exposed secret literal

Critical
Finding
File appears to expose a hardcoded API secret or token.
Skill content
accessToken: [REDACTED],

Exposed secret literal

Critical
Finding
File appears to expose a hardcoded API secret or token.
Skill content
accessToken: [REDACTED],

Exposed secret literal

Critical
Finding
File appears to expose a hardcoded API secret or token.
Skill content
accessToken: [REDACTED]().optional(),

Exposed secret literal

Critical
Finding
File appears to expose a hardcoded API secret or token.
Skill content
accessToken: [REDACTED],

Exposed secret literal

Critical
Finding
File appears to expose a hardcoded API secret or token.
Skill content
password: [REDACTED]?.()

Exposed secret literal

Critical
Finding
File appears to expose a hardcoded API secret or token.
Skill content
accessToken: [REDACTED],

Exposed secret literal

Critical
Finding
File appears to expose a hardcoded API secret or token.
Skill content
this.accessToken = [REDACTED];

Exposed secret literal

Critical
Finding
File appears to expose a hardcoded API secret or token.
Skill content
accessToken: [REDACTED],

Exposed secret literal

Critical
Finding
File appears to expose a hardcoded API secret or token.
Skill content
accessToken: [REDACTED]

Exposed secret literal

Critical
Finding
File appears to expose a hardcoded API secret or token.
Skill content
privateKey = [REDACTED](encodedPrivateKey);

Exposed secret literal

Critical
Finding
File appears to expose a hardcoded API secret or token.
Skill content
accessToken: [REDACTED] || void 0,

Exposed secret literal

Critical
Finding
File appears to expose a hardcoded API secret or token.
Skill content
let accessToken = [REDACTED];

Exposed secret literal

Critical
Finding
File appears to expose a hardcoded API secret or token.
Skill content
path: params.field === "accessToken" ? scopedKeys.accessToken : [REDACTED]

Exposed secret literal

Critical
Finding
File appears to expose a hardcoded API secret or token.
Skill content
accessToken: [REDACTED],

Exposed secret literal

Critical
Finding
File appears to expose a hardcoded API secret or token.
Skill content
accessToken: [REDACTED],

VirusTotal

62/62 vendors flagged this plugin as clean.

Risk analysis

No visible risk-analysis findings were reported for this release.