Plugin v2026.4.29-1
Static analysis security
WeCanBot Base · Deterministic local checks for risky code patterns and metadata mismatches.
Scanner verdict
Suspicious · Apr 29, 2026, 11:37 AM
- Summary: Detected: suspicious.dangerous_exec, suspicious.dynamic_code_execution, suspicious.env_credential_access (+2 more)
- Reason codes: suspicious.dangerous_exec, suspicious.dynamic_code_execution, suspicious.env_credential_access, suspicious.obfuscated_code, suspicious.potential_exfiltration
- Engine: v2.4.2
Evidence
critical dist/index.js:107
Shell command execution detected (child_process).
const output = execFileSync(process.execPath, [helperPath], {

critical dist/ui/lib/browser-device-approval.ts:100
Shell command execution detected (child_process).
const listed = String(exec('openclaw', listArgs, {

critical dist/ui/lib/cs-task.ts:44
Dynamic code execution detected.
const dynamicImport = new Function('url', 'return import(url)') as (url: string) => Promise<Record<string, unknown>>;

critical dist/ui/workflows/dynamic-import.ts:6
Dynamic code execution detected.
const dynamicImportModule = new Function(

critical dist/install-server-auth.mjs:33
Environment variable access combined with network send.
export function resolveServerApiBaseUrl(env = process.env) {

critical dist/ui/.next/server/app/page.js:6
Environment variable access combined with network send.
\`\`\``:b,subtype:"toolCall"})}}if("toolResult"===b&&void 0!==a.result&&null!==a.result){let b;(b="string"==typeof a.result?a.result.trim():JSON.stringify(a.res...

critical dist/ui/.next/server/chunks/3309.js:1
Environment variable access combined with network send.
"use strict";exports.id=3309,exports.ids=[3309],exports.modules={5576:(a,b,c)=>{c.d(b,{D:()=>X});var d=c(73024),e=c.n(d),f=c(76760),g=c.n(f),h=c(88537),i=c(4388...

critical dist/ui/.next/server/chunks/3445.js:1
Environment variable access combined with network send.
exports.id=3445,exports.ids=[3445],exports.modules={6634:(a,b)=>{"use strict";Object.defineProperty(b,"__esModule",{value:!0});var c={indexOfUint8Array:function...

critical dist/ui/.next/server/chunks/63.js:13
Environment variable access combined with network send.
Original Message: ${d}`);console.error(`Route ${b} errored during ${c}. These errors are normally ignored and may not prevent the route from prerendering but ar...

critical dist/ui/.next/server/chunks/9608.js:8
Environment variable access combined with network send.
`,"SOUL.md":"# SOUL.md - Who You Are\n\n## Core Truths\n- Be genuinely helpful and direct.\n- Prefer action over performative language.\n- Be resourceful before...

critical dist/ui/lib/clawsh-api.ts:297
Environment variable access combined with network send.
const INSIDE_OPENCLAW = process.env.INSIDE_OPENCLAW === '1' || process.env.INSIDE_OPENCLAW === 'true';

critical dist/ui/lib/openclaw.ts:7
Environment variable access combined with network send.
process.env.WS_NO_BUFFER_UTIL = '1';

warn dist/ui/.next/server/app/page.js:1
Potential obfuscated payload detected.
(()=>{var a={};a.id=8974,a.ids=[8974],a.modules={261:a=>{"use strict";a.exports=require("next/dist/shared/lib/router/utils/app-paths")},1708:a=>{"use strict";a....

warn dist/ui/.next/static/chunks/9257-23184e91ebe6fc83.js:1
Potential obfuscated payload detected.
"use strict";(self.webpackChunk_N_E=self.webpackChunk_N_E||[]).push([[9257],{55:(e,t,n)=>{n.d(t,{B:()=>a});var r=n(2835),i=n(4294);let a={partial:!0,tokenize:fu...

warn dist/install-server-auth.mjs:62
File read combined with network send (possible exfiltration).
parsed = JSON.parse(fs.readFileSync(deviceIdPath, 'utf8'));

warn dist/ui/.next/server/chunks/3309.js:1
File read combined with network send (possible exfiltration).
"use strict";exports.id=3309,exports.ids=[3309],exports.modules={5576:(a,b,c)=>{c.d(b,{D:()=>X});var d=c(73024),e=c.n(d),f=c(76760),g=c.n(f),h=c(88537),i=c(4388...

warn dist/ui/.next/server/chunks/9608.js:1
File read combined with network send (possible exfiltration).
exports.id=9608,exports.ids=[9608],exports.modules={4388:(a,b,c)=>{"use strict";c.d(b,{UO:()=>m,VC:()=>k,ZK:()=>n,ah:()=>l,nx:()=>o});var d=c(73024),e=c.n(d),f=...

warn dist/ui/lib/clawsh-api.ts:307
File read combined with network send (possible exfiltration).
const raw = fs.readFileSync(configPath, 'utf8');

warn dist/ui/lib/openclaw.ts:579
File read combined with network send (possible exfiltration).
const raw = fs.readFileSync(this.configPath, 'utf8');
