Back to plugin
Pluginv0.1.9
Static analysis security
Moltenhub Openclaw Plugin · Deterministic local checks for risky code patterns and metadata mismatches.
Scanner verdict
SuspiciousApr 6, 2026, 9:32 PM
- Summary
- Detected: suspicious.dangerous_exec, suspicious.env_credential_access, suspicious.potential_exfiltration
- Reason codes
- suspicious.dangerous_execsuspicious.env_credential_accesssuspicious.potential_exfiltration
- Engine
- v2.2.0
Evidence
criticalscripts/e2e-container.mjs:15
Shell command execution detected (child_process).
const result = spawnSync(command, args, {criticalscripts/e2e-container.mjs:8
Environment variable access combined with network send.
const moltenhubImage = process.env.MOLTENHUB_IMAGE || "moltenbot/moltenhub:latest";
warndist/moltenhub-client.js:2
File read combined with network send (possible exfiltration).
import { readFileSync } from "node:fs";warnsrc/moltenhub-client.ts:2
File read combined with network send (possible exfiltration).
import { readFileSync } from "node:fs";