Security Gates With No Keys: When Plugin Safety Blocks Legitimate Use
Source: Dev.to
Problem
You find a community plugin that does exactly what you need, but the installation is blocked.
WARNING: Plugin "openclaw-codex-app-server" contains dangerous code patterns:
Shell command execution detected (child_process) (src/client.ts:660)
Plugin installation blocked: dangerous code patterns detected
No override flag works. The --dangerously-force-unsafe-install flag is blocked, and the --trust flag referenced in community docs does not exist.
This is a textbook case of a security mechanism that is correct in principle but broken in practice.
Why the Current Approach Fails
- The plugin uses child_process because that is literally its job: spawning coding CLIs.
- OpenClaw’s static analysis catches the usage and blocks installation. This is reasonable given past incidents with malicious skills.
- However, the gate has no key: there is no sanctioned way to say “I reviewed this, I accept the risk.”
Issues with the Existing Flags
- Misleading flag behavior – --dangerously-force-unsafe-install is meant to provide explicit consent, but it does not actually override the block.
- Undocumented overrides – Security defaults should be configurable, but when the override is undocumented users either give up or resort to unsafe workarounds.
- Over-broad static analysis – Blocking child_process at the string level catches both malicious and legitimate uses. A plugin that spawns a Codex CLI is fundamentally different from one that runs curl | bash.
Proposed Improvements
- Every deny must have a documented allow – Provide a clear, documented mechanism to override a block when the user has reviewed the code.
- Override flags must actually override – Flags like --dangerously-force-unsafe-install should work as advertised.
- Add a consent layer to static analysis – Prompt the user for explicit consent and log the decision for audit purposes.
- Log trust decisions – Record when a user overrides a security gate so that the action can be audited later.
The goal isn’t to remove the gate entirely; it’s to put a lock on it and give the user the key.
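The consent layer and trust-decision logging proposed above, as an added example that is not OpenClaw's code or API: an override is honored only when it names the SHA-256 of the reviewed archive and every flagged rule, and each decision is written to an audit log. The function name, the consent fields and the log record layout are assumptions made for illustration.

```javascript
// Added example: hypothetical install gate, not OpenClaw's actual code or API.
const { createHash } = require("node:crypto");

const sha256 = (bytes) => createHash("sha256").update(bytes).digest("hex");

// findings: [{ rule, location }] as reported by the static scanner.
// consent:  { sha256, acceptedRules, reviewer } supplied by the user, or null.
// auditLog: array standing in for an append-only log (one JSON record per decision).
function decideInstall({ plugin, archive, findings, consent, auditLog, now = new Date() }) {
  const digest = sha256(archive);
  const rules = [...new Set(findings.map((f) => f.rule))].sort();
  let allowed, reason;

  if (rules.length === 0) {
    [allowed, reason] = [true, "no findings"];
  } else if (!consent) {
    [allowed, reason] = [false, "findings present, no consent given"];
  } else if (consent.sha256 !== digest) {
    // Consent is bound to the reviewed bytes; a changed archive needs a new review.
    [allowed, reason] = [false, "consent does not match this archive"];
  } else {
    const accepted = consent.acceptedRules || [];
    const missing = rules.filter((r) => !accepted.includes(r));
    [allowed, reason] = missing.length
      ? [false, `consent does not cover: ${missing.join(", ")}`]
      : [true, "override: findings accepted by reviewer"];
  }

  // Every decision is recorded, denies as well as overrides.
  auditLog.push(JSON.stringify({
    time: now.toISOString(), plugin, sha256: digest, rules,
    reviewer: consent ? consent.reviewer : null, allowed, reason,
  }));
  return { allowed, reason, sha256: digest };
}

// Constructed sample input mirroring the warning quoted in the article.
const sampleArchive = Buffer.from("constructed plugin archive bytes");
const sampleFindings = [{ rule: "child_process", location: "src/client.ts:660" }];
```

Binding the consent to the archive hash means an update that changes the code invalidates the earlier approval instead of inheriting it.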