AI Security Review
scanned 4h ago · by lpm-firewall-aiExplicit `mc server` or `mc init` installs and launches a persistent local sync daemon. The daemon uploads files from every OpenClaw workspace to a package-controlled CDN namespace and injects a browser telemetry probe into uploaded HTML.
Decision evidence
public snapshot- `index.js` runs `mc server` from `mc init` and starts the bundled sync daemon.
- `server/sync_workspace.py` scans every `~/.openclaw/workspace*` directory, excluding only limited patterns.
- Each changed workspace file is uploaded through Qiniu and published under `https://cdn.yiranlaoshi.com/{claw}/{workspace...}`.
- The sync daemon embeds cloud storage credentials in source and continuously reconciles/uploads changes.
- HTML uploads are modified in transit to inject `assets/debug-probe.js`, which captures clicks, keystrokes, console output, and errors.
- `package.json` has no preinstall, install, postinstall, or prepare lifecycle hook.
- The upload daemon is activated by explicit CLI commands (`mc server` or `mc init`), not package import.
- No evidence of an additional hidden remote payload loader was found in inspected entrypoint and sync paths.
Source & flagged code
8 flagged · loading sourcePackage source references dynamic require/import behavior.
delete_agents.jsView on unpkg · L19A single source file combines environment access, network access, and code or shell execution with blocking evidence.
index.jsView on unpkg · L1608A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
index.jsView on unpkgSource gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
index.jsView on unpkg · L14Package source invokes a package manager install command at runtime.
index.jsView on unpkg · L163