AI Security Review
scanned 4d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is a user-invoked ClawLink host worker that installs a background service, stores host tokens locally, polls ClawLink for jobs, and runs configured local agent CLIs as its documented purpose.
Decision evidence
public snapshot
- scripts/install.js can create user services and copy app code under ~/.clawlink-host/app, but only via CLI commands.
- src/adapters/base.js spawns configured AI runtime CLIs for remote ClawLink jobs.
- Package ships native/harness-core.darwin-arm64.node for optional P2P transport.
- package.json has no install/preinstall/postinstall lifecycle hook.
- bin/cli.js only dispatches explicit user commands; import alone does not run setup or worker.
- src/bridge.js sends outbound Host Token-authenticated requests to the configured ClawLink bridge.
- src/adapters/base.js uses argv arrays, shell:false on POSIX, and strips known unsafe approval flags.
- templates/* contain benign agent workspace guidance and are copied only after interactive opt-in.
- Binary strings match iroh/NAPI P2P transport, with no obvious credential harvesting or unrelated endpoints.
Source & flagged code
6 flagged
- Package source references dynamic require/import behavior. (native/index.js · L6)
- This package version adds a dangerous source file absent from the previous stored version. (scripts/install.js)
- Package source invokes a package manager install command at runtime. (scripts/install.js · L36)
- Source writes installer persistence such as shell profile or service configuration. (scripts/install.js · L8)
- Package ships native binary artifacts. (native/harness-core.darwin-arm64.node)