AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious attack surface, but the package is a first-party AI-agent host gateway that installs a persistent local worker and can execute remote jobs through local agent CLIs after explicit setup.
Decision evidence
public snapshot- scripts/install.js explicitly installs persistent launchd/systemd/Windows scheduled-task service on user command
- src/worker.js polls remote host-bridge jobs and runs configured local AI runtimes
- src/adapters/codex.js can grant writable turns workspace-write or trusted danger-full-access when configured
- src/adapters/cli.js downloads job attachments into workspace and spawns local runtime binaries
- templates/codex/AGENTS.md and templates/claude/CLAUDE.md add agent workspace instructions when user opts in
- package.json has no preinstall/install/postinstall lifecycle hooks
- bin/cli.js only dispatches explicit CLI commands; setup/install are user-invoked
- scripts/install.js service and config writes are under named ClawLink paths and package-owned service labels
- src/bridge.js uses fixed ClawLink/Supabase host-bridge endpoint with bearer Host Token, aligned with package purpose
- src/adapters/base.js uses spawn argv arrays with shell false on POSIX and filters auto-approve flags from args_template
- No credential harvesting beyond user-provided host/local gateway tokens and no stealth exfiltration found
Source & flagged code
6 flagged · loading sourcePackage source references dynamic require/import behavior.
native/index.jsView on unpkg · L6This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
scripts/install.jsView on unpkgPackage source invokes a package manager install command at runtime.
scripts/install.jsView on unpkg · L36Source writes installer persistence such as shell profile or service configuration.
scripts/install.jsView on unpkg · L8Package ships native binary artifacts.
native/harness-core.darwin-arm64.nodeView on unpkg