Back to plugin
Pluginv1.0.0
Static analysis security
禅道代码定位 · Deterministic local checks for risky code patterns and metadata mismatches.
Scanner verdict
SuspiciousApr 4, 2026, 5:02 AM
- Summary
- Detected: suspicious.install_untrusted_source, suspicious.potential_exfiltration
- Reason codes
- suspicious.install_untrusted_sourcesuspicious.potential_exfiltration
- Engine
- v2.2.0
Evidence
warnopenclaw.plugin.json:30
Install source points to URL shortener or raw IP.
"zentaoUrl": { "label": "禅道地址", "placeholder": "http://192.168.0.10/zentao" },warndb/store.ts:75
File read combined with network send (possible exfiltration).
const buffer = fs.readFileSync(this.dbPath);