AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The package offers explicit CLI setup that registers its MCP server with AI-agent hosts and bundles an OpenClaw plugin that activates when that plugin is installed in a gateway. It also exposes ROS2 robot-control capabilities through configured transports. No install-time or covert execution path was confirmed.
Decision evidence
public snapshot- `dist/util/mcp-setup.js` writes AgenticROS MCP entries for Codex, Hermes, and Claude.
- `dist/util/codex-config.js` writes `~/.codex/config.toml` or project `.codex/config.toml`.
- `runtime/packages/agenticros/agenticros-agenticros-0.0.1.tgz` contains an OpenClaw plugin activated on gateway startup.
- Bundled plugin registers ROS2 action and publish tools, enabling robot-control commands.
- `dist/commands/publish-skill.js` reads GitHub tokens for its explicit publishing command.
- Root `package.json` has only `prepublishOnly`; no preinstall/install/postinstall hook.
- `dist/index.js` dispatches setup and robot actions only from CLI subcommands or its menu.
- MCP configuration writes are scoped to the named `agenticros` entry and preserve other Codex config.
- `dist/util/mcp-discovery.js` spawns the bundled/local MCP entry only when discovery is invoked.
- No source evidence of covert credential exfiltration, remote payload download, eval, or destructive import-time behavior.
- The `.tgz` is a readable packaged first-party OpenClaw plugin, not an opaque executable payload.
Source & flagged code
10 flagged · loading sourcePackage source references child process execution.
dist/util/mcp-discovery.jsView on unpkg · L16Package source references dynamic require/import behavior.
dist/commands/skills-dev.jsView on unpkg · L89A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/util/marketplace.jsView on unpkg · L3Package source invokes a package manager install command at runtime.
runtime/scripts/check-cli-tarball-install.mjsView on unpkg · L197Package ships non-JavaScript build or shell helper files.
runtime/scripts/start_demo.shView on unpkgPackage ships high-entropy non-source blobs.
runtime/packages/agenticros/agenticros-agenticros-0.0.1.tgzView on unpkgPackage ships compressed or archive-like blobs.
runtime/packages/agenticros/agenticros-agenticros-0.0.1.tgzView on unpkgPackage ships a nested archive or MCP bundle that was inventoried but not recursively analyzed.
runtime/packages/agenticros/agenticros-agenticros-0.0.1.tgzView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
runtime/packages/robot-eyes/src/index.jsView on unpkg