AI Security Review
scanned 5d ago · by lpm-firewall-aiThe package is an OpenClaw workspace sync plugin/CLI that uploads and restores workspace files through Alfe APIs and presigned URLs. No confirmed malware or decoded remote execution was found, but remote/path-controlled restore and relay delete paths lack clear containment in core download/delete flows.
Decision evidence
public snapshot- openclaw.plugin.json activates onStartup and hooks agent start/stop/compaction to pull/push workspace data
- dist/plugin2.js activate() starts realtime watcher and performs initial syncEngine.push() when configured
- dist/sync-engine.js uploads changed workspace files via presigned PUT and downloads remote files to disk
- dist/sync-engine.js and dist/cli/index.js join remote file paths to workspacePath without containment checks in restore/download paths
- dist/plugin2.js relay FILE_CHANGED deleted events can call removeLocalFile(filePath) from WebSocket messages
- No npm install/postinstall lifecycle scripts in package.json
- No eval/Function/vm or remote asset decode/execute found; scanner critical finding appears to confuse downloads with execution
- Network behavior is aligned with declared Alfe/OpenClaw sync and backup functionality
- Default ignores exclude .env, .git, node_modules, caches, logs, and common build artifacts
- Shared sync code includes containment checks for shared scope downloads
Source & flagged code
2 flagged · loading sourceSource fetches a remote non-code asset, decodes its contents, and dynamically executes the decoded payload.
dist/plugin2.jsView on unpkg · L107A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/plugin2.jsView on unpkg