AI Security Review
scanned 10h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. This is an OpenClaw sync extension that can automatically upload, download, and delete workspace files when enabled by the OpenClaw plugin lifecycle or CLI. The behavior is package-aligned but high-trust because it mirrors agent config, conversations, and memory to Alfe/S3-backed services.
Decision evidence
public snapshot- openclaw.plugin.json activates onStartup and hooks agent start/stop/compaction to pull/push workspace data
- dist/plugin2.js starts realtime watcher and firstRunReconcile on plugin service start after Alfe config is present
- dist/sync-engine.js uploads changed workspace files via presigned PUT URLs and confirms uploads through AgentApiClient
- dist/plugin2.js connects to wss://sync.alfe.ai/ws or environment variants using the Alfe API key
- dist/sync-engine.js and dist/cli/index.js write downloaded remote files into workspace during pull/restore
- package.json has no preinstall/install/postinstall lifecycle hooks
- network behavior is aligned with @alfe.ai package purpose and uses @alfe.ai/config credentials
- default ignores exclude .env, node_modules, .git, plugins/extensions/npm runtime dirs, logs, caches, and .alfesync
- no eval, Function, vm, child_process, native binary loading, or decoded remote code execution found in inspected JS
- shared file downloads enforce size limits and containment for shared scope paths
- README and manifest disclose workspace backup/sync behavior and OpenClaw plugin hooks
Source & flagged code
2 flagged · loading sourceSource fetches a remote non-code asset, decodes its contents, and dynamically executes the decoded payload.
dist/plugin2.jsView on unpkg · L108A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/plugin2.jsView on unpkg