Back to plugin
Pluginv1.0.2
Static analysis security
A2H Market · Deterministic local checks for risky code patterns and metadata mismatches.
Scanner verdict
SuspiciousMar 30, 2026, 11:30 AM
- Summary
- Detected: suspicious.dangerous_exec, suspicious.env_credential_access, suspicious.potential_exfiltration
- Reason codes
- suspicious.dangerous_execsuspicious.env_credential_accesssuspicious.potential_exfiltration
- Engine
- v2.2.0
Evidence
criticalscripts/install.mjs:85
Shell command execution detected (child_process).
return execSync("openclaw --version 2>/dev/null", { encoding: "utf-8" }).trim();criticalscripts/setup-tempo-key.mjs:29
Shell command execution detected (child_process).
const r = spawnSync('security', [criticalsrc/keychain.ts:21
Shell command execution detected (child_process).
const result = spawnSync(
criticalscripts/install.mjs:196
Environment variable access combined with network send.
const lang = (process.env.LANG || process.env.LC_ALL || process.env.LANGUAGE || "").toLowerCase();
warnscripts/install.mjs:17
File read combined with network send (possible exfiltration).
import { existsSync, mkdirSync, writeFileSync, readFileSync } from "node:fs";