openclaw-memory-tencentdb-setup

Warn

Audited by Socket on Jun 22, 2026

2 alerts found:

SecurityAnomaly
SecurityMEDIUM
src/offload/backend-client.ts
AnomalyLOW
scripts/setup-offload.sh

This Bash module is primarily a configuration/feature-toggle tool, but it carries meaningful supply-chain and operational risk: it executes a companion patch script via bash (whose content/behavior is not visible here) and it persists a backend API key to the local config while printing a key prefix to stdout. Additionally, command-line inputs are interpolated into python3 -c code without robust escaping, creating a subprocess-injection/robustness weakness. No direct malware payload is evident in the shown fragment, but trust and integrity controls around the patch script and secret handling are essential.

Confidence: 62%Severity: 60%
Audit Metadata
Analyzed At
Jun 22, 2026, 09:40 AM
Package URL
pkg:socket/skills-sh/Tencent%2FTencentDB-Agent-Memory%2Fopenclaw-memory-tencentdb-setup%2F@ee76536f30ae49e598ad43f472da7e09f4155b8a
Security Audit — socket — openclaw-memory-tencentdb-setup