Shell command execution detected (child_process).
- Code
- suspicious.dangerous_exec
- Location
- src/index.ts:876
- Evidence
const child = spawn("/bin/sh", ["-lc", command], {
Security audit
Security checks across malware telemetry and agentic risk
Prompt-injection indicators were detected in the submitted artifacts (ignore-previous-instructions); human review is required before treating this skill as clean.
Install this only if you want an administrative trust layer for OpenClaw. Start in audit/warn and dry-run modes, review shell-backed install/update commands before execution, keep trust/block decisions operator-directed, protect .openclaw/agent-passport local logs, and verify whether the bundled .tgz archives are intentional. ClawScan detected prompt-injection indicators (ignore-previous-instructions), so this skill requires review even though the model response was benign.
VirusTotal engine telemetry is currently stale for this artifact.
Detected: suspicious.dangerous_exec, suspicious.exposed_secret_literal
const child = spawn("/bin/sh", ["-lc", command], {const authorization = [REDACTED](beforeState);