AI Security Review
scanned 2h ago · by lpm-firewall-aiA JWT holder can request `/plugins/huihuo/auth/gateway-token`, which reads and returns the gateway token from runtime configuration. The default JWT signing secret is publicly embedded, enabling token forgery unless operators override it.
Decision evidence
public snapshot- `dist/config.js` falls back to a public hard-coded JWT secret.
- `dist/auth/routes.js` returns the configured gateway bearer token to any valid JWT holder.
- `dist/auth/sms.js` exposes verification codes in dev/fallback responses when SMS is unavailable.
- `dist/admin/store.js` persists user and agent-binding data under `~/.openclaw/clawbutler-oauth`.
- `dist/guard/agent.js` can mutate the host OpenClaw agent config when called.
- `package.json` has no preinstall/install/postinstall hook; only `prepublishOnly` builds.
- No child-process, shell, eval, dynamic loading, or native binary execution appears in `dist`.
- The only outbound service call is package-aligned Aliyun SMS delivery.
- The extension registration in `dist/index.js` is runtime plugin setup, not install-time execution.
- No source evidence of covert external exfiltration or destructive behavior.
Source & flagged code
5 flagged · loading source`dist/config.js` falls back to a public hard-coded JWT secret.
dist/config.jsView on unpkg`dist/auth/routes.js` returns the configured gateway bearer token to any valid JWT holder.
dist/auth/routes.jsView on unpkg`dist/auth/sms.js` exposes verification codes in dev/fallback responses when SMS is unavailable.
dist/auth/sms.jsView on unpkg`dist/admin/store.js` persists user and agent-binding data under `~/.openclaw/clawbutler-oauth`.
dist/admin/store.jsView on unpkg`dist/guard/agent.js` can mutate the host OpenClaw agent config when called.
dist/guard/agent.jsView on unpkg