Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- dist/src/linux-desktop-tool.js:531
- Evidence
const monitor = spawn(gdbus, ["monitor", "--session", "--dest", "org.freedesktop.portal.Desktop"], {
Security audit
Security checks across malware telemetry and agentic risk
This plugin is a disclosed Linux desktop integration that is gated by OpenClaw tool policy and per-action config, with no evidence of hidden exfiltration or destructive behavior.
Install only if you want an agent to have Linux desktop visibility/control. Keep app launch, window focus, media control, screen capture, and screen read disabled unless needed, and be aware that enabling screenRead.allowCapture lets a screen.read request trigger a consented live screenshot that is sent to the Gateway/model as an image result.
62/62 vendors flagged this plugin as clean.
Detected: suspicious.dangerous_exec
const monitor = spawn(gdbus, ["monitor", "--session", "--dest", "org.freedesktop.portal.Desktop"], {const monitor = spawn(