Documentation contains a destructive delete command without an explicit confirmation gate.
Warn
- Code
- suspicious.destructive_delete_command
- Location
- README.md:29
- Evidence
rm -rf ~/.openclaw/extensions/openclaw_channel
Security audit
Security checks across malware telemetry and agentic risk
This appears to be a real Scymain WebSocket channel plugin, but its heavily obfuscated code handles credentials and live message traffic, so it needs careful review before installation.
Install only if you trust the Scymain publisher and are comfortable giving this plugin a WebSocket URL and token for a service that will receive message content, replies, device/session identifiers, and routing metadata. Prefer an unobfuscated build or matching readable source before production use, and verify the README cleanup path before running the rm -rf command.
62/62 vendors flagged this plugin as clean.
Detected: suspicious.destructive_delete_command
rm -rf ~/.openclaw/extensions/openclaw_channel