AI Security Review
scanned 2d ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. OpenClaw platform extension can automatically sync agent workspace files to/from Alfe cloud once activated with an existing Alfe config. This is a dangerous agent-extension lifecycle capability, but not unconsented npm install-time hijack or remote code execution.
Decision evidence
public snapshot- openclaw.plugin.json activates onStartup and hooks agent start/stop/compaction to alfesync pull/push.
- dist/plugin2.js starts realtime watcher and firstRunReconcile on platform service start when Alfe config exists.
- dist/sync-engine.js uploads workspace files via presigned PUT URLs and writes/pulls remote files into workspace.
- dist/plugin2.js opens persistent Sync Relay WebSocket using configured API key as token.
- package.json has no npm install/preinstall/postinstall lifecycle scripts.
- No eval/vm/Function or child_process execution found in inspected JS entrypoints.
- Network/file behavior is package-aligned sync/restore functionality gated by OpenClaw activation or alfesync CLI and Alfe config.
- Path traversal checks exist for shared sync downloads; default ignores exclude node_modules, .git, .env, extensions, plugins.
Source & flagged code
2 flagged · loading sourceSource fetches a remote non-code asset, decodes its contents, and dynamically executes the decoded payload.
dist/plugin2.jsView on unpkg · L108A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/plugin2.jsView on unpkg