Shell command execution detected (child_process).
- Code
- suspicious.dangerous_exec
- Location
- bin/safeclaw.mjs:24
- Evidence
execSync(`docker compose -f "${composeFile}" up -d`, {
Security audit
Security checks across malware telemetry and agentic risk
SafeClaw appears to do what it claims: it routes OpenClaw tool actions through a Validance container kernel, but it is a powerful plugin and the kernel URL should be chosen carefully.
Install this only if you want OpenClaw actions routed through a Validance kernel. Set kernelUrl explicitly: use a local or trusted Validance instance for private work, because commands, file paths, patch contents, browser actions, and other action parameters are sent to that kernel. Also be aware that the standard trust profile auto-approves some actions, including file operations and some read-only shell commands; use the conservative profile if you want more human confirmation.
60/60 vendors flagged this plugin as clean.
Detected: suspicious.dangerous_exec, suspicious.env_credential_access
execSync(`docker compose -f "${composeFile}" up -d`, {process.env.VALIDANCE_URL ?? "http://localhost:7400";