AI Security Review
scanned 2d ago · by lpm-firewall-ai
LPM treats this as warn-only first-party agent extension lifecycle risk. The package is an agent gateway daemon with broad cloud-driven runtime and MCP management capabilities. Risk is real but package-aligned and user-invoked, not confirmed malicious install-time behavior.
Decision evidence
public snapshot
- dist/health.js starts a persistent Alfe cloud WebSocket and accepts COMMAND/DESIRED_STATE messages.
- dist/health.js cloud commands can run daemon.update/runtime.update via npm install -g and mutate runtime config.
- dist/health.js reconciles cloud desired integrations into OpenClaw/Hermes/MCP managers and dynamically imports installed command handlers.
- dist/health.js can write launchd/systemd service files, but only via explicit CLI install command.
- dist/health.js auto-approves local OpenClaw repair scope upgrades and cleans Alfe-owned mcp.servers entries.
- package.json has no npm lifecycle hooks, so no install-time execution.
- dist/bin/gateway.js exposes user-invoked daemon/start/install/status/logs commands.
- Network and token use are package-aligned with Alfe gateway functionality.
- Scanner eval hits are bundled dependency feature detection, not package payload execution.
- No evidence of credential harvesting beyond using configured Alfe API key for authenticated service operation.
- No foreign agent control-surface writes occur during npm install/import.
Source & flagged code
6 flagged
- Source fetches a remote non-code asset, decodes its contents, and dynamically executes the decoded payload. (dist/health.js · L3)
- A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior. (dist/health.js)
- Package source references dynamic require/import behavior. (dist/health.js · L58)
- Source writes installer persistence such as shell profile or service configuration. (dist/health.js · L3)