registry  /  @okki-global/okki-claw  /  1.2.4-beta

@okki-global/okki-claw@1.2.4-beta

Node.js sidecar that bridges local OpenClaw gateway to the agent-relay cloud relay.

AI Security Review

scanned 7d ago · by lpm-firewall-ai

No confirmed malicious attack surface was established. The package is a sidecar/CLI that intentionally bridges local agent/OpenClaw services to an agent-relay endpoint and manages configured ACP agent processes.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs okki-claw CLI/API commands such as pair, run, daemon, update, or agent-relay-mcp.
Impact
Runtime network and process control within the documented sidecar purpose; no install-time mutation, stealth persistence, or unrelated exfiltration found.
Mechanism
Package-aligned sidecar relay, pairing config writes, optional self-update, and agent process management.
Rationale
Static inspection found powerful network, process, and config-write primitives, but they are documented and activated by user/runtime sidecar commands rather than npm install/import-time abuse. No concrete credential exfiltration, destructive behavior, remote payload execution, or unconsented AI-agent control-surface mutation was found.
Evidence
package.jsonREADME.mddist/index.jsdist/main.jsdist/chunk-G2TVJH3L.js~/.agent-relay/config.json~/.agent-relay/sidecar.lock~/.agent-relay/sidecar.log~/.agent-relay/mcp.log~/.openclaw/openclaw.json~/.openclaw/identity/device.json~/.openclaw/identity/device-auth.json
Network endpoints4
agent-relay.okki.comlocalhost:8080localhost:18799wss://relay.agent-relay.io/tunnel

Decision evidence

public snapshot
AI called this Clean at 84.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • dist/chunk-G2TVJH3L.js uses child_process for npm update, daemon spawn, ACP process listing/killing, and configured agent adapters.
  • dist/chunk-G2TVJH3L.js can save pairing/device config and custom ACP profiles under .agent-relay config at explicit runtime.
  • dist/main.js exposes MCP bridge tools that POST to configured bridge URLs with bearer auth.
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle hooks.
  • README.md describes a Node sidecar bridging local OpenClaw Gateway to agent-relay cloud relay, matching network/process behavior.
  • dist/main.js only runs CLI commands such as pair, run, daemon, update, and agent management; import entry dist/index.js just exports APIs.
  • Network defaults are package-aligned: agent-relay.okki.com, local OpenClaw/control UI, and user/env configured relay URLs.
  • Logs redact token/credential/secret fields; no credential harvesting or unrelated exfiltration flow found.
Behavioral surface
Source
ChildProcessEnvironmentVarsNetwork
Supply chain
HighEntropyStringsMinifiedUrlStrings
Manifest
NoLicense
scanned 3 file(s), 270 KB of source, external domains: 127.0.0.1, agent-relay.okki.com

Source & flagged code

3 flagged · loading source
dist/chunk-G2TVJH3L.jsView file
1import{execFile as Ro}from"child_process";import{readFile as Po}from"fs/promises";import{dirname as Io,join as Gn}from"path";import{fileURLToPath as Eo}from"url";import{promisify a... L2: Set OPENCLAW_GATEWAY_URL and OPENCLAW_GATEWAY_TOKEN to override`)}let n;try{n=JSON.parse(e)}catch{throw new Error(`Invalid JSON in ${t.openclawConfigPath}`)}let s=n.gateway,r=s?.po...
High
Child Process

Package source references child process execution.

dist/chunk-G2TVJH3L.jsView on unpkg · L1
1import{execFile as Ro}from"child_process";import{readFile as Po}from"fs/promises";import{dirname as Io,join as Gn}from"path";import{fileURLToPath as Eo}from"url";import{promisify a... L2: Set OPENCLAW_GATEWAY_URL and OPENCLAW_GATEWAY_TOKEN to override`)}let n;try{n=JSON.parse(e)}catch{throw new Error(`Invalid JSON in ${t.openclawConfigPath}`)}let s=n.gateway,r=s?.po...
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/chunk-G2TVJH3L.jsView on unpkg · L1
1import{execFile as Ro}from"child_process";import{readFile as Po}from"fs/promises";import{dirname as Io,join as Gn}from"path";import{fileURLToPath as Eo}from"url";import{promisify a... L2: Set OPENCLAW_GATEWAY_URL and OPENCLAW_GATEWAY_TOKEN to override`)}let n;try{n=JSON.parse(e)}catch{throw new Error(`Invalid JSON in ${t.openclawConfigPath}`)}let s=n.gateway,r=s?.po... L3: Set OPENCLAW_GATEWAY_TOKEN to override`);return{url:`http://${i}:${a}`,token:d}}async function ci(t){try{return(await fetch(`${t.url}/health`,{headers:{Authorization:`Bearer ${t.to... L4: `),{id:s,promise:r,cancel:i=>{let a=this.pendingRequests.get(s);a&&(this.pendingRequests.delete(s),a.reject(i))}}}sendNotification(e,n){if(!this.proc)throw new Error("ACP client no...
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

dist/chunk-G2TVJH3L.jsView on unpkg · L1

Findings

3 High2 Medium4 Low
HighChild Processdist/chunk-G2TVJH3L.js
HighSame File Env Network Executiondist/chunk-G2TVJH3L.js
HighCommand Output Exfiltrationdist/chunk-G2TVJH3L.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings
LowNo License