registry  /  @unayung/lineworks  /  0.8.0

@unayung/lineworks@0.8.0

OpenClaw LINE WORKS channel plugin (PoC)

AI Security Review

scanned 5h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. This is an OpenClaw LINE WORKS channel extension with an explicit setup surface that changes its own channel configuration. Runtime credentials and OAuth tokens are used for LINE WORKS messaging, mail, and attachment features; no install-time attack behavior is established.

Static reason
No blocking static signals were detected.
Trigger
An operator enables/configures the LINE WORKS channel or invokes its runtime features.
Impact
The extension can store LINE WORKS OAuth tokens and act with configured LINE WORKS scopes; attachment redirect handling could expose a bearer token if the service supplied an untrusted redirect.
Mechanism
First-party OpenClaw channel setup plus authenticated LINE WORKS API integration.
Rationale
Source indicates a package-aligned LINE WORKS integration, not concrete malware. It remains warning-worthy under the firewall policy because it is a first-party agent extension setup surface with credential persistence and a redirect-token exposure risk.
Evidence
package.jsonindex.tssetup-entry.tssrc/setup-surface.tssrc/oauth-store.tssrc/attachments.tssrc/auth.tssrc/oauth.tssrc/send.ts
Network endpoints2
auth.worksmobile.com/oauth2/v2.0/tokenwww.worksapis.com/v1.0

Decision evidence

public snapshot
AI called this Suspicious at 87.0% confidence as Benign with medium false-positive risk.
Evidence for warning
  • `src/setup-surface.ts` patches OpenClaw's `channels.lineworks` configuration during setup.
  • `src/oauth-store.ts` persists OAuth refresh tokens under the OpenClaw home directory.
  • `src/attachments.ts` forwards a bearer token when following a LINE WORKS attachment redirect.
  • `src/attachments.ts` invokes `ffmpeg` for user-supplied local audio paths.
Evidence against
  • `package.json` has no preinstall/install/postinstall lifecycle hook.
  • `index.ts` and `setup-entry.ts` only register declared OpenClaw channel entries.
  • Network calls target LINE WORKS auth/API endpoints for channel operations.
  • Token files use a package-specific directory and restrictive `0700`/`0600` modes.
  • No eval, dynamic payload loading, shell interpolation, destructive deletion, or unrelated exfiltration found.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 56 file(s), 308 KB of source, external domains: auth.worksmobile.com, developers.worksmobile.com, example.com, help.example, www.worksapis.com

Source & flagged code

4 flagged · loading source
src/setup-surface.tsView file
Published source reference
Medium
Ai Review Evidence

`src/setup-surface.ts` patches OpenClaw's `channels.lineworks` configuration during setup.

src/setup-surface.tsView on unpkg
src/oauth-store.tsView file
Published source reference
Medium
Ai Review Evidence

`src/oauth-store.ts` persists OAuth refresh tokens under the OpenClaw home directory.

src/oauth-store.tsView on unpkg
src/attachments.tsView file
Published source reference
Medium
Ai Review Evidence

`src/attachments.ts` forwards a bearer token when following a LINE WORKS attachment redirect.

src/attachments.tsView on unpkg
Published source reference
Medium
Ai Review Evidence

`src/attachments.ts` invokes `ffmpeg` for user-supplied local audio paths.

src/attachments.tsView on unpkg

Findings

6 Medium4 Low
MediumNetwork
MediumEnvironment Vars
MediumAi Review Evidencesrc/setup-surface.ts
MediumAi Review Evidencesrc/oauth-store.ts
MediumAi Review Evidencesrc/attachments.ts
MediumAi Review Evidencesrc/attachments.ts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings