AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. This is a first-party OpenClaw sync extension that can upload, download, delete, and restore files in the configured agent workspace when activated. The behavior is sensitive but package-aligned; no concrete malicious payload execution or credential exfiltration chain was found.
Decision evidence
public snapshot- openclaw.plugin.json activates package-owned OpenClaw plugin onStartup and runs alfesync hooks on agent start/stop/compaction.
- dist/plugin2.js activate() starts realtime watcher, scheduled sync, daemon IPC, and WebSocket relay using Alfe config API key.
- dist/sync-engine.js uploads workspace files to presigned URLs and downloads/restores remote files into the configured workspace.
- dist/sync-engine.js writes sync state under ~/.alfe/sync/manifest.json and recovery/conflict files in the workspace.
- package.json has no npm preinstall/install/postinstall lifecycle hooks.
- dist/plugin2.js and dist/sync-engine.js contain package-aligned sync logic, not remote asset decode/execute.
- No eval, Function, child_process execution, native binary loading, or obfuscated staged payload found in inspected entrypoints.
- Default ignores include secrets and extension/plugin/npm directories, reducing broad agent-control-surface sync.
- OpenClaw mutation is via first-party plugin metadata and runtime activation, not unconsented npm install-time mutation.
Source & flagged code
3 flagged · loading sourceSource fetches a remote non-code asset, decodes its contents, and dynamically executes the decoded payload.
dist/plugin2.jsView on unpkg · L108A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/plugin2.jsView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/plugin2.cjsView on unpkg