Pluginv0.2.8

Static analysis security

WTT Plugin · Deterministic local checks for risky code patterns and metadata mismatches.

SuspiciousApr 28, 2026, 7:49 AM

Summary: Detected: suspicious.dangerous_exec, suspicious.env_credential_access, suspicious.potential_exfiltration
Reason codes: suspicious.dangerous_execsuspicious.env_credential_accesssuspicious.potential_exfiltration
Engine: v2.4.2

criticalbin/openclaw-wtt-bootstrap.mjs:150

Shell command execution detected (child_process).

const r = spawnSync('bash', ['-lc', 'openclaw gateway restart'], { stdio: 'inherit' });

criticaldist/commands/update.js:7

Shell command execution detected (child_process).

const child = spawn(cmd, args, {

criticalindex.ts:40

Shell command execution detected (child_process).

const res = spawnSync(process.execPath, args, {

criticalsrc/commands/update.ts:16

Shell command execution detected (child_process).

const child = spawn(cmd, args, {

criticalbin/openclaw-wtt-topic-memory-backfill.mjs:14

Environment variable access combined with network send.

home: process.env.OPENCLAW_HOME?.trim() || path.join(os.homedir(), ".openclaw"),

criticaldist/channel.js:101

Environment variable access combined with network send.

const fromEnv = process.env.OPENCLAW_CONFIG_PATH?.trim();

criticalsrc/channel.ts:212

Environment variable access combined with network send.

const fromEnv = process.env.OPENCLAW_CONFIG_PATH?.trim();

warnbin/openclaw-wtt-topic-memory-backfill.mjs:346

File read combined with network send (possible exfiltration).

const raw = await fs.readFile(filePath, "utf8");

warndist/channel.js:18

File read combined with network send (possible exfiltration).

import { mkdir, readFile, rename, writeFile } from "node:fs/promises";

warnsrc/channel.ts:34

File read combined with network send (possible exfiltration).

import { mkdir, readFile, rename, writeFile } from "node:fs/promises";