registry  /  @openbrt/weclawbotctl  /  0.1.24

@openbrt/weclawbotctl@0.1.24

WeClawBot pairing and screen-control CLI for local AI agents.

AI Security Review

scanned 4d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is a user-invoked WeClawBot pairing/control CLI that stores local MQTT credentials and publishes device control messages after explicit commands.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs weclawbotctl bind/status/doctor/export/unbind/screen/preview/clear/thinking/idle or imports exported libs.
Impact
User-selected WeClawBot pairing and screen/activity control; no install-time execution or stealth exfiltration found.
Mechanism
explicit CLI credential storage and MQTT device control
Rationale
Static inspection shows suspicious primitives are tied to the documented CLI purpose: pairing, local credential management, preview file generation, and MQTT publishing to a user-paired device. There is no lifecycle hook, hidden import-time execution, broad agent configuration mutation, credential harvesting, or unconsented remote payload behavior.
Evidence
package.jsonbin/weclawbotctl.mjsbin/weclawbot-byoa-bind.mjslib/mqtt-control.mjsREADME.md~/.config/weclawbot/agent-mqtt.jsonuser-specified screen JSON pathsuser-specified export/preview output pathspreview spool directory from WECLAWBOT_PREVIEW_SPOOL_DIR or OS temp
Network endpoints2
weclawbot.link/byoawss:// URLs supplied by paired MQTT credentials

Decision evidence

public snapshot
AI called this Clean at 92.0% confidence as Benign with low false-positive risk.
Evidence for block
  • bin/weclawbotctl.mjs can export stored MQTT password only when user passes --include-secret.
  • bin/weclawbotctl.mjs writes/removes ~/.config/weclawbot/agent-mqtt.json via explicit bind/unbind commands.
Evidence against
  • package.json has no preinstall/install/postinstall hooks; execution is only user-invoked CLI/imports.
  • Network use is package-aligned: bind POSTs to https://weclawbot.link/byoa and MQTT uses wss:// URL from paired credentials.
  • bin/weclawbot-byoa-bind.mjs only spawns node to run the local weclawbotctl bind command with inherited stdio.
  • No code writes AI-agent configs, persistence hooks, or foreign control surfaces.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 7 file(s), 43.5 KB of source, external domains: weclawbot.link

Source & flagged code

4 flagged · loading source
bin/weclawbotctl.mjsView file
180patternName = generic_password severity = medium line = 180 matchedText = `WEC_MQT...)}`,
Medium
Secret Pattern

Package contains a possible secret pattern.

bin/weclawbotctl.mjsView on unpkg · L180
189patternName = generic_password severity = medium line = 189 matchedText = `passwor..."}`,
Medium
Secret Pattern

Hardcoded password in bin/weclawbotctl.mjs

bin/weclawbotctl.mjsView on unpkg · L189
466patternName = generic_password severity = medium line = 466 matchedText = password...**",
Medium
Secret Pattern

Hardcoded password in bin/weclawbotctl.mjs

bin/weclawbotctl.mjsView on unpkg · L466
477patternName = generic_password severity = medium line = 477 matchedText = if (!inc...**";
Medium
Secret Pattern

Hardcoded password in bin/weclawbotctl.mjs

bin/weclawbotctl.mjsView on unpkg · L477

Findings

6 Medium4 Low
MediumSecret Patternbin/weclawbotctl.mjs
MediumNetwork
MediumEnvironment Vars
MediumSecret Patternbin/weclawbotctl.mjs
MediumSecret Patternbin/weclawbotctl.mjs
MediumSecret Patternbin/weclawbotctl.mjs
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings