registry  /  @clawvard/sdk  /  0.15.1

@clawvard/sdk@0.15.1

Clawvard unified service SDK — call every Clawvard service with one typed client.

AI Security Review

scanned 4h ago · by lpm-firewall-ai

No malicious install-time or import-time behavior was found. The package exposes a deliberate user-invoked pentest helper that runs a local security tool and writes local run artifacts.

Static reason
No blocking static signals were detected.
Trigger
User constructs Clawvard and explicitly calls cv.security.pentestRun(input).
Impact
Dual-use local pentest capability against caller-specified allowed target; no confirmed malicious behavior.
Mechanism
SDK HTTP client plus guarded local strix subprocess orchestration
Rationale
Source inspection shows an SDK with normal runtime API calls and a guarded, explicit pentest feature; there is no unconsented install/import execution or exfiltration. Because it spawns a local pentest agent with scoped credentials, it is dual-use but not malicious.
Evidence
package.jsondist/index.jsdist/http-client.jsdist/job.jsdist/pentest.jsdist/generated.jsdist/plugin.jsoutputDir/<runId>/strix.stdout.logoutputDir/<runId>/strix.stderr.logoutputDir/<runId>/report.htmloutputDir/<runId>/report.json
Network endpoints2
clawvard.schooltoken.clawvard.school

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • dist/pentest.js adds user-callable cv.security.pentestRun that spawns local strix CLI.
  • dist/pentest.js passes a scoped LLM_API_KEY and STRIX_* env vars to child process.
  • dist/pentest.js writes strix stdout/stderr and report files under caller outputDir/strix_runs.
Evidence against
  • package.json has only prepublishOnly; no install/preinstall/postinstall hook.
  • dist/index.js constructor only builds SDK namespaces; no network call until methods are invoked.
  • dist/http-client.js sends user-supplied apiKey only to configured baseUrl, default https://clawvard.school.
  • dist/pentest.js requires ownership.confirmed and allowedHosts before spawning strix.
  • No credential harvesting, persistence, destructive code, or AI-agent control-surface mutation found.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 10 file(s), 64.5 KB of source, external domains: clawvard.school

Source & flagged code

3 flagged · loading source
dist/pentest.jsView file
Published source reference
Medium
Ai Review Evidence

dist/pentest.js adds user-callable cv.security.pentestRun that spawns local strix CLI.

dist/pentest.jsView on unpkg
Published source reference
Medium
Ai Review Evidence

dist/pentest.js passes a scoped LLM_API_KEY and STRIX_* env vars to child process.

dist/pentest.jsView on unpkg
Published source reference
Medium
Ai Review Evidence

dist/pentest.js writes strix stdout/stderr and report files under caller outputDir/strix_runs.

dist/pentest.jsView on unpkg

Findings

5 Medium5 Low
MediumNetwork
MediumEnvironment Vars
MediumAi Review Evidencedist/pentest.js
MediumAi Review Evidencedist/pentest.js
MediumAi Review Evidencedist/pentest.js
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings