Shell command execution detected (child_process).
- Code
- suspicious.dangerous_exec
- Location
- index.ts:316
- Evidence
execFile(
Security audit
Security checks across malware telemetry and agentic risk
This appears to do what it claims—send local macOS notifications for OpenClaw TUI replies when Ghostty is unfocused—without unrelated credential requests or external endpoints, though its metadata under-declares its local tool requirements.
This plugin looks internally coherent: it needs local process execution because it checks the active macOS app and invokes terminal-notifier. Before installing, make sure you actually want an OpenClaw plugin that can observe assistant-message metadata and short reply previews for notification purposes. If you enable debug mode, local logs may include session keys, titles, and short message snippets. Because the provided index.ts artifact was truncated, reviewing the full source from the repository would increase confidence.
VirusTotal engine telemetry is currently stale for this artifact.
Detected: suspicious.dangerous_exec
execFile(
return execFileSync(command, args, {