@syengup/friday-channel-next@1.0.8

OpenClaw Friday Next Apple channel plugin

AI Security Review

scanned 2h ago · by lpm-firewall-ai

The review flagged AI-agent configuration and capability changes. The verdict stays warn-only unless the evidence shows foreign-agent hijack through an npm preinstall/install/postinstall hook, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
A user runs the friday-channel-next bin (for example npx -y @syengup/friday-channel-next), or an authenticated client calls the Friday HTTP routes at runtime.
Impact
Enables the Friday and canvas plugins, binds the gateway to the LAN, allows selected canvas/nodes commands and conversation access, and exposes plugin upgrade, file attachment storage, and edits to a whitelist of agent prompt files to bearer-authenticated clients.
Mechanism
Explicit OpenClaw plugin setup plus an authenticated agent/channel bridge.
Rationale
Source inspection found explicit, user-invoked OpenClaw configuration commands and authenticated agent-control features, but no unconsented npm lifecycle mutation, credential harvesting, stealth persistence, remote payload execution, or exfiltration. Under the policy this should warn rather than block.
Evidence
  • package.json
  • install.js
  • dist/index.js
  • dist/src/http/server.js
  • dist/src/http/middleware/auth.js
  • dist/src/http/handlers/agent-files.js
  • dist/src/http/handlers/plugin-upgrade.js
  • dist/src/agent/node-pairing-bridge.js
  • ~/.openclaw/openclaw.json
  • ~/.openclaw/extensions/friday-channel-next
  • ~/.openclaw/friday-next/attachments
  • ~/.openclaw/media/inbound/<id>
  • <agent workspace>/AGENTS.md
  • <agent workspace>/IDENTITY.md
  • <agent workspace>/SOUL.md
  • <agent workspace>/TOOLS.md
  • <agent workspace>/MEMORY.md
  • <agent workspace>/USER.md
  • <agent workspace>/HEARTBEAT.md
  • <agent workspace>/BOOTSTRAP.md
Network endpoints (5)
  • registry.npmjs.org/@syengup/friday-channel-next/latest
  • api.ipify.org
  • ifconfig.me/ip
  • icanhazip.com
  • 127.0.0.1:<gatewayPort>/friday-next/status

Decision evidence

public snapshot
The AI classifier rated this package Suspicious (category: Unknown) at 86.0% confidence, with medium false-positive risk.
Evidence for warning
  • install.js bin command writes ~/.openclaw/openclaw.json settings for plugins, gateway, and agent tools.
  • install.js enables friday-next hook allowConversationAccess and canvas plugin, sets gateway.bind to lan, allows canvas.eval/nodes commands, and removes canvas/nodes from main agent deny list.
  • install.js runs openclaw plugins install and a gateway restart, then prints the gateway URL and bearer token to the terminal as connection info (so the token also lands in shell scrollback and any captured session logs).
  • dist/src/http/handlers/agent-files.js exposes an authenticated PUT to whitelisted agent workspace prompt files such as AGENTS.md and TOOLS.md, so any client holding the bearer token can rewrite the agent's own instructions.
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle hook; install.js is a user-invoked bin, not automatic npm install execution.
  • HTTP routes are registered under /friday-next/* and validate bearer token via dist/src/http/middleware/auth.js.
  • Network use is package-aligned: npm registry version checks, local gateway verification, link/media fetching, and public IP helper endpoints.
  • Dynamic import in dist/src/agent/node-pairing-bridge.js loads OpenClaw's local node-pairing module from resolved OpenClaw dist, not a remote payload.
Behavioral surface
Source
ChildProcess, Crypto, DynamicRequire, EnvironmentVars, Filesystem, Network, Shell
Supply chain
HighEntropyStrings, UrlStrings
Manifest
No manifest risk signals triggered.
Scanned 209 file(s), 1.06 MB of source. Host strings found in the source (extracted literals, not necessarily contacted at runtime; the five network endpoints listed under the review are the ones attributed to actual use): 10.0.0.5, 127.0.0.1, 192.168.1.1, 93.184.216.34, a.com, api.ipify.org, app.example, app.local, cdn.example.com, db.internal, dead.example.com, docs.openclaw.ai, example.com, gateway.local, icanhazip.com, ifconfig.me, nas.home.arpa, nope.example.com, other.example.com, picsum.photos, qqpublic.qpic.cn, rebind.example.com, registry.npmjs.org, schema.org, www.zhihu.com

Source & flagged code

2 flagged
dist/src/agent/node-pairing-bridge.js
  L62: throw new Error("node-pairing module not found in OpenClaw dist");
  L63: // ESM import() returns the minified export names (r, t, …) because the
  L64: // bundled module uses `export { listNodePairing as r, … }`. Resolve the
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/src/agent/node-pairing-bridge.js · L62 (view on unpkg)
install.js
  Manifest entrypoint (manifest.bin) carries capability families absent from dist/build output: environment+network, execution+network
  L1: #!/usr/bin/env node
  L2: import { execSync } from "node:child_process";
  L3: import { existsSync, readFileSync, writeFileSync, rmSync } from "node:fs";
  ...
  L6:
  L7: const sudoUser = process.env.SUDO_USER;
  L8:
  L9: function realHome() {
  L10:   if (!sudoUser) return homedir();
  L11:   const current = homedir();
  ...
  L72: if (!hasOpenclaw()) {
  L73:   err("openclaw is required but not found. Install OpenClaw first: https://docs.openclaw.ai");
  L74:   process.exit(1);
High
Entrypoint Build Divergence

Manifest entrypoint contains risky behavior absent from dist/build output.

install.js · L1 (view on unpkg)

Findings

1 High · 4 Medium · 5 Low
  • High: Entrypoint Build Divergence (install.js)
  • Medium: Dynamic Require (dist/src/agent/node-pairing-bridge.js)
  • Medium: Network
  • Medium: Environment Vars
  • Medium: Structural Risk (Force Deep Review)
  • Low: Non Install Lifecycle Scripts
  • Low: Scripts Present
  • Low: Filesystem
  • Low: High Entropy Strings
  • Low: Url Strings