openclaw-deploy
Audited by Socket on Jun 19, 2026
1 alert found:
AnomalyThis fragment is a deployment/operations guide that includes a local proxy relay (forwarding HTTP/CONNECT traffic through a configured upstream) and CDP-based injection/persistence of X/Twitter auth cookies (auth_token/ct0/twid) into a headless Chromium session, saving cookies to disk. There is no overt evidence of covert malware (e.g., C2/exfil endpoints, obfuscation, crypto mining, reverse shell) within the shown code. However, it performs highly sensitive authentication manipulation and persists credentials, and it overwrites /usr/bin/chromium and modifies installed OpenClaw dist code—both of which are security-sensitive and could be abused. Treat as a security-critical capability module and review token handling/storage and deployment context.