Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- dist/utils.js:5
- Evidence
const child = execFile(bin, args, { timeout, maxBuffer: 10 * 1024 * 1024, encoding: "utf-8" }, (error, stdout, stderr) => {
Security audit
Security checks across malware telemetry and agentic risk
PipePost appears to be a legitimate content-publishing integration, but it can run a local CLI, publish AI-generated content to external destinations, and even suggests scheduled automation without strong built-in guardrails.
Install only if you want OpenClaw to curate and potentially publish content for you. Keep approvals on for live `pipepost_run`, use dry-run first, restrict configs and destinations to trusted paths/endpoints, and do not allow cron scheduling unless you intentionally want ongoing automated publishing.
VirusTotal engine telemetry is currently stale for this artifact.
Detected: suspicious.dangerous_exec
const child = execFile(bin, args, { timeout, maxBuffer: 10 * 1024 * 1024, encoding: "utf-8" }, (error, stdout, stderr) => {const child = execFile(