AI Security Review
scanned 3d ago · by lpm-firewall-ai
No confirmed malicious attack surface; the dangerous primitives are part of a user-started local gateway daemon for Alfe agent integrations. Remote command handling is authenticated to configured Alfe endpoints and package-aligned.
Decision evidence
public snapshot
- dist/health.js accepts authenticated cloud COMMAND messages that can restart/update daemon/runtime and execute registered integration handlers.
- dist/upgrade.js and dist/runtime-upgrade.js run npm/hermes/openclaw update commands, but only from daemon command handling.
- dist/health.js can alter OpenClaw/Hermes MCP/runtime config and auto-approve local OpenClaw repair pairings during daemon runtime.
- package.json has no install/preinstall/postinstall lifecycle hooks; bin is user-invoked alfe-gateway.
- dist/bin/gateway.js only dispatches CLI commands to daemon/service/status/log functions.
- dist/health.js network use is aligned with an authenticated Alfe gateway daemon: API fetches, WebSocket registration, and local AI proxy.
- No confirmed remote asset decode-and-execute path found; eval/new Function hits are bundled dependency/runtime feature-detection code.
- Persistence writes are explicit service install commands for launchd/systemd, not install-time execution.
Source & flagged code
7 flagged
Source fetches a remote non-code asset, decodes its contents, and dynamically executes the decoded payload.
dist/health.js · L3
A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/health.js
This package version adds a dangerous source file absent from the previous stored version.
dist/health.js
Package source references dynamic require/import behavior.
dist/health.js · L58
Source writes installer persistence such as shell profile or service configuration.
dist/health.js · L3