Back to plugin

Security audit

ClawNetwork Node

Security checks across malware telemetry and agentic risk

Overview

This is not clearly malicious, but it deserves review because it bypasses install safeguards, downloads and runs a persistent blockchain node, and lets agents perform on-chain actions such as token transfers.

Review this carefully before installing. Use a dedicated low-value wallet, prefer testnet/devnet, disable autoStart/autoDownload/autoRegisterAgent if you want manual control, and only use the unsafe install path if you trust the publisher and the downloaded node binary.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec, suspicious.env_credential_access, suspicious.exposed_secret_literal

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
index.ts:212
Evidence
const result = execFileSync(which, ['claw-node'], { encoding: 'utf8', timeout: 5000 }).trim()

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
index.ts:357
Evidence
env: { HOME: os.homedir(), PATH: process.env.PATH || '' }, // minimal env

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
index.ts:2159
Evidence
out({ address: wallet.address, secretKey: [REDACTED], _warning: 'NEVER share your secret key with anyone' })