Shell command execution detected (child_process).
- Code
- suspicious.dangerous_exec
- Location
- index.ts:61
- Evidence
const child = spawn("lsof", ["-n", "-i", `:${port}`, "-t"], { stdio: ["ignore", "pipe", "ignore"] });
Security audit
Security checks across malware telemetry and agentic risk
The plugin is a coherent Simplaix Gateway policy/audit integration, but its default fail-open behavior, default allow-all fallback policy, and unauthenticated local start/stop controls need careful review.
Install only if you trust the Simplaix Gateway deployment and are comfortable sending tool activity to it. Before relying on it for safety, consider changing fail-open and catch-all-allow defaults, restrict who can run /lobster-shell commands, protect the runtime token, and manually approve any setup steps that clone code, install dependencies, or start tunnels.
VirusTotal engine telemetry is currently stale for this artifact.
Detected: suspicious.dangerous_exec, suspicious.destructive_delete_command, suspicious.env_credential_access
const child = spawn("lsof", ["-n", "-i", `:${port}`, "-t"], { stdio: ["ignore", "pipe", "ignore"] });rm -rf ~/.openclaw/plugins/lobster-shell
const gatewayUrl = (cfg.gatewayUrl ?? process.env.SIMPLAIX_GATEWAY_URL ?? "").replace(/\/$/, "");