registry  /  aivibeclaw  /  2026.6.12

aivibeclaw@2026.6.12

Upgrade to 2026.7.2+ — AiVibeClaw enforces auto-update; older versions are unsupported and blocked by the version gate.

Multi-channel AI gateway with extensible messaging integrations

AI Security Review

scanned 9d ago · by lpm-firewall-ai

No confirmed malicious attack surface was established. The package has install-time hooks, but inspected behavior is package-aligned cleanup, hotfixing, and plugin registry migration for a large AI gateway CLI.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
npm install runs preinstall/postinstall; user command runs aivibeclaw.mjs
Impact
No confirmed exfiltration, destructive action, persistence abuse, or hijack
Mechanism
bounded lifecycle maintenance and CLI/runtime service features
Rationale
Static source inspection found risky primitives expected for this AI gateway/CLI package, but the install hooks are bounded and package-aligned with no network or credential exfiltration. Runtime systemd, network, shell, and secret-handling code appears user-invoked feature surface rather than malicious install/import behavior.
Evidence
package.jsonaivibeclaw.mjsscripts/preinstall-package-manager-warning.mjsscripts/postinstall-bundled-plugins.mjsdist/systemd-D1cMFGus.jsdist/dist-CdD4a7gg.jsdist/control-ui/assets/config-runtime-Chws_C6h.jsdistdist/extensions/*/node_modules.aivibeclaw/plugin-runtime-depsnode_modules/baileys/lib/Utils/messages-media.js

Decision evidence

public snapshot
AI called this Clean at 84.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • package.json defines install hooks: preinstall and postinstall
  • scripts/postinstall-bundled-plugins.mjs can remove stale dist/plugin-runtime-deps files and patch node_modules/baileys during install
  • scripts/postinstall-bundled-plugins.mjs dynamically imports dist/commands/doctor/shared/plugin-registry-migration.js if present
  • dist/systemd-D1cMFGus.js contains systemd service install/control code for runtime daemon setup
Evidence against
  • scripts/preinstall-package-manager-warning.mjs only detects package manager and prints a warning
  • postinstall operations are bounded to package dist, legacy aivibeclaw plugin state, compile cache, or package node_modules hotfix paths
  • No postinstall network calls, credential harvesting, or unconsented AI-agent control-surface writes found
  • aivibeclaw.mjs is a CLI launcher that imports packaged dist entrypoints on user invocation
  • Scanner secret/unicode hits map to bundled dependency/runtime data and Unicode regex tables, not confirmed payloads
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNativeBindingsNetworkShellWebSocket
Supply chain
HighEntropyStringsMinifiedObfuscatedProtestwareTelemetryUrlStrings
ManifestNo manifest risk signals triggered.
scanned 5,017 file(s), 52.8 MB of source, external domains: 127.0.0.1, 169.254.169.254, a2ui.org, account.minimax.io, account.minimaxi.com, accounts.feishu.cn, accounts.google.com, accounts.larksuite.com, agentskills.io, ai.azure.com, ai.ollama.com, aiplatform.googleapis.com, aistudio.google.com, aivibeclaw.com, albumart.url, api-dashboard.search.brave.com, api-data.line.me, api.anthropic.com, api.botframework.com, api.chutes.ai, api.cohere.ai, api.deepgram.com, api.deepseek.com, api.dev.runwayml.com, api.elevenlabs.io, api.example.com, api.github.com, api.imgflip.com, api.individual.githubcopilot.com, api.line.me, api.minimax.io, api.minimaxi.com, api.mistral.ai, api.moonshot.ai, api.moonshot.cn, api.novita.ai, api.openai.com, api.plivo.com, api.pluralkit.me, api.push.apple.com, api.sandbox.push.apple.com, api.search.brave.com, api.senseaudio.cn, api.synthetic.new, api.telegram.org, api.telnyx.com, api.together.xyz, api.twilio.com, api.twitch.tv, api.voyageai.com

Source & flagged code

19 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/postinstall-bundled-plugins.mjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
dist/dist-CdD4a7gg.jsView file
5588patternName = private_key_rsa severity = critical line = 5588 matchedText = if (type...g");
Critical
Critical Secret

Package contains a critical-looking secret pattern.

dist/dist-CdD4a7gg.jsView on unpkg · L5588
5588patternName = private_key_rsa severity = critical line = 5588 matchedText = if (type...g");
Critical
Secret Pattern

RSA private key in dist/dist-CdD4a7gg.js

dist/dist-CdD4a7gg.jsView on unpkg · L5588
13656patternName = generic_password severity = medium line = 13656 matchedText = passwo...
Medium
Secret Pattern

Hardcoded password in dist/dist-CdD4a7gg.js

dist/dist-CdD4a7gg.jsView on unpkg · L13656
21205patternName = generic_password severity = medium line = 21205 matchedText = passwo...
Medium
Secret Pattern

Hardcoded password in dist/dist-CdD4a7gg.js

dist/dist-CdD4a7gg.jsView on unpkg · L21205
scripts/postinstall-bundled-plugins.mjsView file
818} L819: const importModule = params.importModule ?? ((specifier) => import(specifier)); L820: return await importModule(resolveDistModuleUrl(packageRoot, distPath));
Medium
Dynamic Require

Package source references dynamic require/import behavior.

scripts/postinstall-bundled-plugins.mjsView on unpkg · L818
dist/clawhub-D9h8o5bB.jsView file
13//#region src/infra/clawhub.ts L14: const DEFAULT_CLAWHUB_URL = "https://clawhub.ai"; L15: const DEFAULT_GITHUB_CODELOAD_URL = "https://codeload.github.com"; ... L33: function normalizeBaseUrl(baseUrl) { L34: const envValue = normalizeOptionalString(process.env.AIVIBECLAW_CLAWHUB_URL) || normalizeOptionalString(process.env.CLAWHUB_URL) || DEFAULT_CLAWHUB_URL; L35: return (normalizeOptionalString(baseUrl) || envValue).replace(/\/+$/, "") || DEFAULT_CLAWHUB_URL; ... L48: const xdgConfigHome = normalizeOptionalString(process.env.XDG_CONFIG_HOME); L49: const configHome = xdgConfigHome && xdgConfigHome.length > 0 ? xdgConfigHome : path.join(os.homedir(), ".config"); L50: const xdgPath = path.join(configHome, "clawhub", "config.json"); L51: if (process.platform === "darwin") return [path.join(os.homedir(), "Library", "Application Support", "clawhub", "config.json"), xdgPath]; L52: return [xdgPath]; ... L58: const raw = await fs.readFile(configPath, "utf8");
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/clawhub-D9h8o5bB.jsView on unpkg · L13
dist/systemd-D1cMFGus.jsView file
104try { L105: return os.userInfo().username; L106: } catch { ... L114: try { L115: const { stdout } = await runExec("loginctl", [ L116: "show-user", ... L482: async function execSystemctl(args, env) { L483: return await execFileUtf8("systemctl", args, { env: env ? resolveSystemctlProcessEnv(env) : process.env }); L484: } ... L848: await [redacted](env); L849: if (removed) stdout.write(`${formatLine("Removed systemd service", unitPath)}\n`); L850: else stdout.write(`Systemd service not found at ${unitPath}\n`);
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/systemd-D1cMFGus.jsView on unpkg · L104
dist/control-ui/assets/config-runtime-Chws_C6h.jsView file
2contains invisible/control Unicode U+FEFF (zero width no-break space) `?(o++,s=0):e?s+=e.length:s++,e&&(a+=e.length),e}var te={default(){switch(_){case` `:case`\v`:case`\f`:case` `:case`\xA0`:case`<U+FEFF>`:case`
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

dist/control-ui/assets/config-runtime-Chws_C6h.jsView on unpkg · L2
skills/model-usage/scripts/test_model_usage.pyView file
path = skills/model-usage/scripts/test_model_usage.py kind = build_helper sizeBytes = 5654 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

skills/model-usage/scripts/test_model_usage.pyView on unpkg
dist/proxy-cli.runtime-DARm2C1E.jsView file
856patternName = generic_password severity = medium line = 856 matchedText = url.pass...ed";
Medium
Secret Pattern

Hardcoded password in dist/proxy-cli.runtime-DARm2C1E.js

dist/proxy-cli.runtime-DARm2C1E.jsView on unpkg · L856
dist/i18n-2H5-8AI2.jsView file
11patternName = generic_password severity = medium line = 11 matchedText = password...rd",
Medium
Secret Pattern

Hardcoded password in dist/i18n-2H5-8AI2.js

dist/i18n-2H5-8AI2.jsView on unpkg · L11
docs/help/faq.mdView file
1511patternName = generic_password severity = medium line = 1511 matchedText = password...rd",
Medium
Secret Pattern

Hardcoded password in docs/help/faq.md

docs/help/faq.mdView on unpkg · L1511
docs/gateway/tailscale.mdView file
118patternName = generic_password severity = medium line = 118 matchedText = auth: { ..." },
Medium
Secret Pattern

Hardcoded password in docs/gateway/tailscale.md

docs/gateway/tailscale.mdView on unpkg · L118
docs/gateway/configuration-reference.mdView file
515patternName = generic_password severity = medium line = 515 matchedText = // passw...WORD
Medium
Secret Pattern

Hardcoded password in docs/gateway/configuration-reference.md

docs/gateway/configuration-reference.mdView on unpkg · L515
545patternName = generic_password severity = medium line = 545 matchedText = // passw...rd",
Medium
Secret Pattern

Hardcoded password in docs/gateway/configuration-reference.md

docs/gateway/configuration-reference.mdView on unpkg · L545
docs/gateway/config-channels.mdView file
756patternName = generic_password severity = medium line = 756 matchedText = password...D}",
Medium
Secret Pattern

Hardcoded password in docs/gateway/config-channels.md

docs/gateway/config-channels.mdView on unpkg · L756
docs/channels/matrix.mdView file
74patternName = generic_password severity = medium line = 74 matchedText = password...cret
Medium
Secret Pattern

Hardcoded password in docs/channels/matrix.md

docs/channels/matrix.mdView on unpkg · L74
docs/channels/irc.mdView file
206patternName = generic_password severity = medium line = 206 matchedText = password...rd",
Medium
Secret Pattern

Hardcoded password in docs/channels/irc.md

docs/channels/irc.mdView on unpkg · L206

Findings

3 Critical1 High18 Medium8 Low
CriticalCritical Secretdist/dist-CdD4a7gg.js
CriticalTrojan Source Unicodedist/control-ui/assets/config-runtime-Chws_C6h.js
CriticalSecret Patterndist/dist-CdD4a7gg.js
HighInstall Time Lifecycle Scriptspackage.json
MediumDynamic Requirescripts/postinstall-bundled-plugins.mjs
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/systemd-D1cMFGus.js
MediumProtestware
MediumShips Build Helperskills/model-usage/scripts/test_model_usage.py
MediumStructural Risk Force Deep Review
MediumSecret Patterndist/proxy-cli.runtime-DARm2C1E.js
MediumSecret Patterndist/i18n-2H5-8AI2.js
MediumSecret Patterndist/dist-CdD4a7gg.js
MediumSecret Patterndist/dist-CdD4a7gg.js
MediumSecret Patterndocs/help/faq.md
MediumSecret Patterndocs/gateway/tailscale.md
MediumSecret Patterndocs/gateway/configuration-reference.md
MediumSecret Patterndocs/gateway/configuration-reference.md
MediumSecret Patterndocs/gateway/config-channels.md
MediumSecret Patterndocs/channels/matrix.md
MediumSecret Patterndocs/channels/irc.md
LowScripts Present
LowEval
LowWeak Cryptodist/clawhub-D9h8o5bB.js
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings