Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- index.ts:212
- Evidence
const result = execFileSync(which, ['claw-node'], { encoding: 'utf8', timeout: 5000 }).trim()
Security audit
Security checks across malware telemetry and agentic risk
This is not clearly malicious, but it deserves review because it bypasses install safeguards, downloads and runs a persistent blockchain node, and lets agents perform on-chain actions such as token transfers.
Review this carefully before installing. Use a dedicated low-value wallet, prefer testnet/devnet, disable autoStart/autoDownload/autoRegisterAgent if you want manual control, and only use the unsafe install path if you trust the publisher and the downloaded node binary.
VirusTotal engine telemetry is currently stale for this artifact.
Detected: suspicious.dangerous_exec, suspicious.env_credential_access, suspicious.exposed_secret_literal
const result = execFileSync(which, ['claw-node'], { encoding: 'utf8', timeout: 5000 }).trim()env: { HOME: os.homedir(), PATH: process.env.PATH || '' }, // minimal envout({ address: wallet.address, secretKey: [REDACTED], _warning: 'NEVER share your secret key with anyone' })