AI Security Review
scanned 4h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `package.json` runs `scripts/pin-xmtp-bindings.cjs` during `postinstall`.
- `scripts/pin-xmtp-bindings.cjs` executes forced `npm install` at install time.
- The postinstall recursively removes nested `@xmtp/node-bindings` directories in its install tree.
- `dist/cron-QMLRWDJG.js` creates OpenClaw cron jobs that run every 15 minutes and hourly.
- `dist/index.js` invokes cron registration after explicit fund creation/join commands.
- `dist/agent-UNSW5IPO.js` spawns a fixed local TradingView MCP binary with inherited environment.
- Postinstall behavior is transparent, constrained to XMTP dependency pinning, and exits without blocking install.
- No source evidence of credential harvesting or exfiltration.
- No remote payload URL, eval/vm execution, or arbitrary shell interpolation was found.
- OpenClaw mutation uses fixed executable arguments and only occurs after user-invoked fund workflows.
- Cron removal is provided by the explicit `fund leave` command.
- Config secrets are saved only through explicit `config set` options.
Source & flagged code
5 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgPackage source references child process execution.
dist/cron-QMLRWDJG.jsView on unpkg · L1Package source references weak cryptographic algorithms.
dist/agent-UNSW5IPO.jsView on unpkg · L69Package source invokes a package manager install command at runtime.
scripts/pin-xmtp-bindings.cjsView on unpkg · L47This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/index.jsView on unpkg