Back to plugin
Pluginv2026.4.35
Static analysis security
OpenViking · Deterministic local checks for risky code patterns and metadata mismatches.
Scanner verdict
SuspiciousApr 29, 2026, 6:01 AM
- Summary
- Detected: suspicious.install_untrusted_source, suspicious.potential_exfiltration
- Reason codes
- suspicious.install_untrusted_sourcesuspicious.potential_exfiltration
- Engine
- v2.4.2
Evidence
warnopenclaw.plugin.json:9
Install source points to URL shortener or raw IP.
"placeholder": "http://127.0.0.1:1933",
warnclient.ts:4
File read combined with network send (possible exfiltration).
import { mkdtemp, readdir, readFile, rm, stat } from "node:fs/promises";warncommands/setup.ts:101
File read combined with network send (possible exfiltration).
return JSON.parse(fs.readFileSync(configPath, "utf-8"));