registry  /  @syengup/friday-channel-next  /  1.0.7

@syengup/friday-channel-next@1.0.7

OpenClaw Friday Next Apple channel plugin

Static Scan Results

scanned 3d ago · by rust-scanner

Static analysis completed at 65.0% confidence. No malicious behavior was detected; 10 low-signal pattern(s) were surfaced and cleared.

Static reason
No blocking static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 207 file(s), 1.03 MB of source, external domains: 10.0.0.5, 127.0.0.1, 192.168.1.1, 93.184.216.34, a.com, api.ipify.org, app.example, app.local, cdn.example.com, db.internal, dead.example.com, docs.openclaw.ai, example.com, gateway.local, icanhazip.com, ifconfig.me, nas.home.arpa, nope.example.com, other.example.com, picsum.photos, qqpublic.qpic.cn, rebind.example.com, registry.npmjs.org, schema.org, www.zhihu.com

Source & flagged code

2 flagged · loading source
dist/src/agent/node-pairing-bridge.jsView file
62throw new Error("node-pairing module not found in OpenClaw dist"); L63: // ESM import() returns the minified export names (r, t, …) because the L64: // bundled module uses `export { listNodePairing as r, … }`. Resolve the
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/src/agent/node-pairing-bridge.jsView on unpkg · L62
install.jsView file
1Manifest entrypoint (manifest.bin) carries capability families absent from dist/build output: environment+network, execution+network L1: #!/usr/bin/env node L2: import { execSync } from "node:child_process"; L3: import { existsSync, readFileSync, writeFileSync, rmSync } from "node:fs"; ... L6: L7: const sudoUser = process.env.SUDO_USER; L8: L9: function realHome() { L10: if (!sudoUser) return homedir(); L11: const current = homedir(); ... L72: if (!hasOpenclaw()) { L73: err("openclaw is required but not found. Install OpenClaw first: https://docs.openclaw.ai"); L74: process.exit(1);
High
Entrypoint Build Divergence

Manifest entrypoint contains risky behavior absent from dist/build output.

install.jsView on unpkg · L1

Findings

1 High4 Medium5 Low
HighEntrypoint Build Divergenceinstall.js
MediumDynamic Requiredist/src/agent/node-pairing-bridge.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings