AI Security Review
scanned 3d ago · by lpm-firewall-aiThe package is an OpenClaw sync plugin/CLI that can upload, download, overwrite, and delete agent workspace files after activation or CLI use. The main unresolved risk is remote path handling in private sync/restore paths, not evidence of intentional malware.
Decision evidence
public snapshot- openclaw.plugin.json starts onStartup and runs alfesync pull/push hooks on agent lifecycle
- dist/sync-engine.js writes remote manifest paths with join(workspacePath, relativePath) without containment checks
- dist/cli/index.js restore writes bundle file.path under workspace without traversal validation
- dist/plugin2.js WebSocket relay can trigger pull/delete of workspace files by remote notifications
- No package.json install/preinstall/postinstall lifecycle scripts
- dist/plugin2.js scanner-indicated remote decode/execute behavior not present; no eval/Function use found
- Network use is aligned with documented Alfe sync, S3 presigned URL, and relay functionality
- Shared sync path has assertContained and file-size cap
- README and manifest describe workspace backup/sync behavior
Source & flagged code
3 flagged · loading sourceSource fetches a remote non-code asset, decodes its contents, and dynamically executes the decoded payload.
dist/plugin2.jsView on unpkg · L107A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/plugin2.jsView on unpkgThis package version adds a dangerous source file absent from the previous stored version.
dist/plugin2.cjsView on unpkg