Back to plugin
Pluginv0.2.1
Static analysis security
OpenClaw Kitchen Sink · Deterministic local checks for risky code patterns and metadata mismatches.
Scanner verdict
SuspiciousApr 29, 2026, 8:04 AM
- Summary
- Detected: suspicious.dangerous_exec, suspicious.potential_exfiltration
- Reason codes
- suspicious.dangerous_execsuspicious.potential_exfiltration
- Engine
- v2.4.2
Evidence
criticalscripts/check-pack-payload.mjs:6
Shell command execution detected (child_process).
const pack = spawnSync("npm", ["pack", "--dry-run", "--json"], {warnscripts/sync-surface.mjs:1
File read combined with network send (possible exfiltration).
import { mkdirSync, readFileSync, writeFileSync } from "node:fs";warnsrc/scenarios.js:2
File read combined with network send (possible exfiltration).
import { readFileSync } from "node:fs";