Back to plugin

Security audit

Linux Desktop

Security checks across malware telemetry and agentic risk

Overview

This plugin is a disclosed Linux desktop integration that is gated by OpenClaw tool policy and per-action config, with no evidence of hidden exfiltration or destructive behavior.

Install only if you want an agent to have Linux desktop visibility/control. Keep app launch, window focus, media control, screen capture, and screen read disabled unless needed, and be aware that enabling screenRead.allowCapture lets a screen.read request trigger a consented live screenshot that is sent to the Gateway/model as an image result.

VirusTotal

62/62 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
dist/src/linux-desktop-tool.js:531
Evidence
const monitor = spawn(gdbus, ["monitor", "--session", "--dest", "org.freedesktop.portal.Desktop"], {

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
src/linux-desktop-tool.ts:808
Evidence
const monitor = spawn(