AI Security Review
scanned 1d ago · by lpm-firewall-aiNo confirmed malicious attack surface. The extension performs its advertised semantic-memory, optional cloud-LLM, local API, and voice-recognition functions after OpenClaw loads it.
Decision evidence
public snapshot- `dist/index.js` auto-loads a fixed local `~/github/news-knowledge-base/.../news_search.js` module when vector search is configured.
- `dist/index.js` reads OpenClaw session transcripts and can send supplied content to its configured/default LLM API.
- `dist/voice-identify.js` uploads explicitly supplied audio to Tencent Cloud ASR.
- `package.json` has no `preinstall`, `install`, or `postinstall` lifecycle hook.
- `openclaw.plugin.json` declares a first-party memory extension and no install hooks.
- Network calls use configured AI/ASR services or loopback APIs, not a hidden collector.
- Writes are memory, profile, vector, face, and log data under the configured workspace.
- No child-process, shell, eval/vm, or remote-code-loading API was found in `dist/*.js`.
- The local dynamic import is optional, fixed-path, and failure is handled as non-critical.
Source & flagged code
3 flagged · loading source`dist/index.js` auto-loads a fixed local `~/github/news-knowledge-base/.../news_search.js` module when vector search is configured.
dist/index.jsView on unpkg`dist/index.js` reads OpenClaw session transcripts and can send supplied content to its configured/default LLM API.
dist/index.jsView on unpkg`dist/voice-identify.js` uploads explicitly supplied audio to Tencent Cloud ASR.
dist/voice-identify.jsView on unpkg