Security Gates With No Keys: When Plugin Safety Blocks Legitimate Use

Here's a frustrating scenario: you find a community plugin that does exactly what you need. You run openclaw plugins install. And the install is blocked. WARNING: Plugin "openclaw-codex-app-server" contains dangerous code patterns: Shell command execution detected (child_process) (src/client.ts:660) Plugin installation blocked: dangerous code patterns detected No override flag works. The --dangerously-force-unsafe-install flag — blocked too. The --trust flag that community docs reference? Doesn't exist. This is a textbook case of a security mechanism that's correct in principle but broken in practice. The Tension The plugin uses child_process because that's literally its job — spawning coding CLIs. OpenClaw's static analysis catches it and blocks installation. Fair enough, given past incidents with malicious skills. But the gate has no key. No sanctioned way to say "I reviewed this, I accept the risk." Three Design Principles This Violates 1. Flags should do what their names say. --dan