OpenClaw 汉化发行版 - 全中文界面,每小时自动同步官方 openclaw/openclaw 更新
No confirmed malicious attack surface was established. Risky primitives are part of an OpenClaw CLI/plugin runtime and install-time migration/cleanup logic, with no evidence of credential theft or attacker-controlled persistence.
Package defines install-time lifecycle scripts.
package.jsonView on unpkgPackage contains a critical-looking secret pattern.
dist/dist-7SQswLRi.jsView on unpkg · L5588Hardcoded password in dist/dist-7SQswLRi.js
dist/dist-7SQswLRi.jsView on unpkg · L13656Hardcoded password in dist/dist-7SQswLRi.js
dist/dist-7SQswLRi.jsView on unpkg · L21205Package source references dynamic require/import behavior.
dist/loader-frTDr6Tq.jsView on unpkg · L125Package source references weak cryptographic algorithms.
dist/dreaming-phases-Bs2VYR3s.jsView on unpkg · L1Source writes installer persistence such as shell profile or service configuration.
dist/schtasks-BSBYFHUM.jsView on unpkg · L7Source reaches cloud instance metadata or link-local credential endpoints.
dist/src-Cp7ODFk2.jsView on unpkg · L4Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
dist/control-ui/assets/config-runtime-Chws_C6h.jsView on unpkg · L2Package ships non-JavaScript build or shell helper files.
skills/model-usage/scripts/test_model_usage.pyView on unpkgHardcoded password in dist/proxy-cli.runtime-Dk8MA3v6.js
dist/proxy-cli.runtime-Dk8MA3v6.jsView on unpkg · L856Hardcoded password in docs/gateway/tailscale.md
docs/gateway/tailscale.mdView on unpkg · L118Hardcoded password in docs/gateway/configuration-reference.md
docs/gateway/configuration-reference.mdView on unpkg · L515Hardcoded password in docs/gateway/configuration-reference.md
docs/gateway/configuration-reference.mdView on unpkg · L545Hardcoded password in docs/gateway/config-channels.md
docs/gateway/config-channels.mdView on unpkg · L756Hardcoded password in docs/channels/matrix.md
docs/channels/matrix.mdView on unpkg · L74Package defines install-time lifecycle scripts.
package.jsonView on unpkg · L1720Package contains a critical-looking secret pattern.
dist/dist-7SQswLRi.jsView on unpkg · L5588Hardcoded password in dist/dist-7SQswLRi.js
dist/dist-7SQswLRi.jsView on unpkg · L13656Hardcoded password in dist/dist-7SQswLRi.js
dist/dist-7SQswLRi.jsView on unpkg · L21205Package source references weak cryptographic algorithms.
dist/dreaming-phases-Bs2VYR3s.jsView on unpkg · L1Package ships non-JavaScript build or shell helper files.
skills/model-usage/scripts/test_model_usage.pyView on unpkgHardcoded password in docs/gateway/tailscale.md
docs/gateway/tailscale.mdView on unpkg · L118Hardcoded password in docs/gateway/configuration-reference.md
docs/gateway/configuration-reference.mdView on unpkg · L515Hardcoded password in docs/gateway/configuration-reference.md
docs/gateway/configuration-reference.mdView on unpkg · L545Hardcoded password in docs/gateway/config-channels.md
docs/gateway/config-channels.mdView on unpkg · L756Hardcoded password in docs/channels/matrix.md
docs/channels/matrix.mdView on unpkg · L74Package source references dynamic require/import behavior.
dist/loader-frTDr6Tq.jsView on unpkg · L125Source writes installer persistence such as shell profile or service configuration.
dist/schtasks-BSBYFHUM.jsView on unpkg · L7Source reaches cloud instance metadata or link-local credential endpoints.
dist/src-Cp7ODFk2.jsView on unpkg · L4Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
dist/control-ui/assets/config-runtime-Chws_C6h.jsView on unpkg · L2Hardcoded password in dist/proxy-cli.runtime-Dk8MA3v6.js
dist/proxy-cli.runtime-Dk8MA3v6.jsView on unpkg · L856