fix: 升级openclaw 2026.4.1后 无法安装插件，认为插件具有 恶意软件攻击，极其危险，不符合openclaw插件要求

[matrixclark]

Pre-submission checklist | 提交前检查

• I have searched existing issues and this hasn't been mentioned before | 我已搜索现有问题，确认此问题尚未被提及
• I have read the project documentation and confirmed this issue doesn't already exist | 我已阅读项目文档并确认此问题尚未存在
• This issue is specific to MemOS and not a general software issue | 该问题是针对 MemOS 的，而不是一般软件问题

Bug Description | 问题描述

~ % openclaw plugins install @memtensor/memos-local-openclaw-plugin

🦞 OpenClaw 2026.4.1 (da64a97) — Gateway online—please keep hands, feet, and appendages inside the shell at all times.

Resolving clawhub:@memtensor/memos-local-openclaw-plugin…
Downloading @memtensor/memos-local-openclaw-plugin…
Extracting /var/folders/mt/6k7_yfk504q074dgj__9cd2m0000gn/T/openclaw-npm-pack-Abe5fL/memtensor-memos-local-openclaw-plugin-1.0.7.tgz…
WARNING: Plugin "memos-local-openclaw-plugin" contains dangerous code patterns: Shell command execution detected (child_process) (/var/folders/mt/6k7_yfk504q074dgj__9cd2m0000gn/T/openclaw-plugin-8FDyDT/extract/package/index.ts:118); Environment variable access combined with network send — possible credential harvesting (/var/folders/mt/6k7_yfk504q074dgj__9cd2m0000gn/T/openclaw-plugin-8FDyDT/extract/package/index.ts:209); Environment variable access combined with network send — possible credential harvesting (/var/folders/mt/6k7_yfk504q074dgj__9cd2m0000gn/T/openclaw-plugin-8FDyDT/extract/package/src/openclaw-api.ts:173); Environment variable access combined with network send — possible credential harvesting (/var/folders/mt/6k7_yfk504q074dgj__9cd2m0000gn/T/openclaw-plugin-8FDyDT/extract/package/src/telemetry.ts:22); Shell command execution detected (child_process) (/var/folders/mt/6k7_yfk504q074dgj__9cd2m0000gn/T/openclaw-plugin-8FDyDT/extract/package/src/viewer/server.ts:982); Environment variable access combined with network send — possible credential harvesting (/var/folders/mt/6k7_yfk504q074dgj__9cd2m0000gn/T/openclaw-plugin-8FDyDT/extract/package/src/viewer/server.ts:1662); Shell command execution detected (child_process) (/var/folders/mt/6k7_yfk504q074dgj__9cd2m0000gn/T/openclaw-plugin-8FDyDT/extract/package/src/storage/ensure-binding.ts:36); Environment variable access combined with network send — possible credential harvesting (/var/folders/mt/6k7_yfk504q074dgj__9cd2m0000gn/T/openclaw-plugin-8FDyDT/extract/package/src/shared/llm-call.ts:39); Shell command execution detected (child_process) (/var/folders/mt/6k7_yfk504q074dgj__9cd2m0000gn/T/openclaw-plugin-8FDyDT/extract/package/scripts/postinstall.cjs:143); Environment variable access combined with network send — possible credential harvesting (/var/folders/mt/6k7_yfk504q074dgj__9cd2m0000gn/T/openclaw-plugin-8FDyDT/extract/package/scripts/postinstall.cjs:175)
Downloading @memtensor/memos-local-openclaw-plugin…
Extracting /var/folders/mt/6k7_yfk504q074dgj__9cd2m0000gn/T/openclaw-hook-pack-3nw9sK/memtensor-memos-local-openclaw-plugin-1.0.7.tgz…
Plugin "memos-local-openclaw-plugin" installation blocked: dangerous code patterns detected: Shell command execution detected (child_process) (/var/folders/mt/6k7_yfk504q074dgj__9cd2m0000gn/T/openclaw-plugin-8FDyDT/extract/package/index.ts:118); Environment variable access combined with network send — possible credential harvesting (/var/folders/mt/6k7_yfk504q074dgj__9cd2m0000gn/T/openclaw-plugin-8FDyDT/extract/package/index.ts:209); Environment variable access combined with network send — possible credential harvesting (/var/folders/mt/6k7_yfk504q074dgj__9cd2m0000gn/T/openclaw-plugin-8FDyDT/extract/package/src/openclaw-api.ts:173); Environment variable access combined with network send — possible credential harvesting (/var/folders/mt/6k7_yfk504q074dgj__9cd2m0000gn/T/openclaw-plugin-8FDyDT/extract/package/src/telemetry.ts:22); Shell command execution detected (child_process) (/var/folders/mt/6k7_yfk504q074dgj__9cd2m0000gn/T/openclaw-plugin-8FDyDT/extract/package/src/viewer/server.ts:982); Environment variable access combined with network send — possible credential harvesting (/var/folders/mt/6k7_yfk504q074dgj__9cd2m0000gn/T/openclaw-plugin-8FDyDT/extract/package/src/viewer/server.ts:1662); Shell command execution detected (child_process) (/var/folders/mt/6k7_yfk504q074dgj__9cd2m0000gn/T/openclaw-plugin-8FDyDT/extract/package/src/storage/ensure-binding.ts:36); Environment variable access combined with network send — possible credential harvesting (/var/folders/mt/6k7_yfk504q074dgj__9cd2m0000gn/T/openclaw-plugin-8FDyDT/extract/package/src/shared/llm-call.ts:39); Shell command execution detected (child_process) (/var/folders/mt/6k7_yfk504q074dgj__9cd2m0000gn/T/openclaw-plugin-8FDyDT/extract/package/scripts/postinstall.cjs:143); Environment variable access combined with network send — possible credential harvesting (/var/folders/mt/6k7_yfk504q074dgj__9cd2m0000gn/T/openclaw-plugin-8FDyDT/extract/package/scripts/postinstall.cjs:175)
Also not a valid hook pack: Error: package.json missing openclaw.hooks

How to Reproduce | 如何重现

升级openclaw后，插件不能启动。尝试升级插件与卸载都报一样的错

Environment | 环境信息

-python@3.14
-mac os 12.7.6
-memos-local-openclaw-plugin-1.0.7
-openclaw 2026.4.1

Additional Context | 其他信息

No response

Willingness to Implement | 实现意愿

• I'm willing to implement this myself | 我愿意自己解决
• I would like someone else to implement this | 我希望其他人来解决

[hyperion2144]

先直接用安装脚本安装吧