openclaw-memory-tencentdb-setup
Warn
Audited by Socket on Jun 22, 2026
2 alerts found:
SecurityAnomalySecuritysrc/offload/backend-client.ts
MEDIUMSecurityMEDIUM
src/offload/backend-client.ts
Anomalyscripts/setup-offload.sh
LOWAnomalyLOW
scripts/setup-offload.sh
This Bash module is primarily a configuration/feature-toggle tool, but it carries meaningful supply-chain and operational risk: it executes a companion patch script via bash (whose content/behavior is not visible here) and it persists a backend API key to the local config while printing a key prefix to stdout. Additionally, command-line inputs are interpolated into python3 -c code without robust escaping, creating a subprocess-injection/robustness weakness. No direct malware payload is evident in the shown fragment, but trust and integrity controls around the patch script and secret handling are essential.
Confidence: 62%Severity: 60%
Audit Metadata