Plugin v0.3.3

Static analysis security

StablePay OpenClaw Plugin · Deterministic local checks for risky code patterns and metadata mismatches.

Scanner verdict

Suspicious · Apr 10, 2026, 7:25 PM
Summary
Detected: suspicious.dangerous_exec, suspicious.env_credential_access, suspicious.install_untrusted_source (+1 more)
Reason codes
suspicious.dangerous_exec, suspicious.env_credential_access, suspicious.install_untrusted_source, suspicious.potential_exfiltration
Engine
v2.2.0

Evidence

critical · dist/ows_sign_tx.js:37
Shell command execution detected (child_process).
const result = spawnSync("ows", ["sign", "message", "--wallet", walletName, "--chain", chain, "--encoding", "hex", "--message", cleanHex, "--json"], { encoding:...
critical · dist/runtime.js:537
Shell command execution detected (child_process).
const r = spawnSync("ows", ["--version"], { encoding: "utf8", timeout: 5000 });
critical · src/ows_sign_tx.ts:40
Shell command execution detected (child_process).
const result = spawnSync(
critical · src/runtime.ts:729
Shell command execution detected (child_process).
const r = spawnSync("ows", ["--version"], { encoding: "utf8", timeout: 5000 });
critical · dist/runtime.js:269
Environment variable access combined with network send.
const token = process.env[this.cfg.owsRestApiKeyEnv];
critical · src/runtime.ts:425
Environment variable access combined with network send.
const token = process.env[this.cfg.owsRestApiKeyEnv];
warn · examples/plugins.entries.sample.json:7
Install source points to URL shortener or raw IP.
"backendBaseUrl": "http://127.0.0.1:28080",
warn · openclaw.plugin.json:12
Install source points to URL shortener or raw IP.
"default": "http://127.0.0.1:28080",
warn · dist/runtime.js:425
File read combined with network send (possible exfiltration).
const encrypted = await fs.readFile(this.cfg.localStatePath, "utf8");
warn · src/runtime.ts:591
File read combined with network send (possible exfiltration).
const encrypted = await fs.readFile(this.cfg.localStatePath, "utf8");