registry  /  aivibeclaw  /  2026.7.2

aivibeclaw@2026.7.2

Multi-channel AI gateway with extensible messaging integrations

AI Security Review

scanned 8d ago · by lpm-firewall-ai

No confirmed malicious attack surface was established. Lifecycle hooks perform package-aligned warnings, git hook setup for source checkouts, dist cleanup/hotfixes, and AivibeClaw plugin registry migration without observed exfiltration.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
npm install lifecycle or running the aivibeclaw CLI
Impact
package-local cleanup and AivibeClaw state migration; no confirmed credential theft, persistence, or network exfiltration
Mechanism
package maintenance and CLI bootstrap behavior
Rationale
Direct inspection found high-risk primitives, but they are bounded lifecycle maintenance for this AI gateway package and do not show covert network, credential harvesting, destructive arbitrary paths, or AI-agent control hijack. The package should not be blocked based on the inspected source.
Evidence
package.jsonscripts/preinstall-package-manager-warning.mjsscripts/prepare-git-hooks.mjsscripts/postinstall-bundled-plugins.mjsaivibeclaw.mjsdist/index.jsdist/plugin-registry-migration-DLxaneSy.jsdist/installed-plugin-index-store-KV2qxlBY.js

Decision evidence

public snapshot
AI called this Clean at 82.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • Install lifecycle scripts exist: preinstall, prepare, postinstall in package.json.
  • postinstall can delete stale package dist files and legacy plugin dependency dirs with root/symlink safety checks.
  • postinstall can migrate installed plugin registry into the AivibeClaw state SQLite DB.
  • prepare runs git config core.hooksPath only when a git worktree and git-hooks dir exist.
Evidence against
  • preinstall only emits a non-pnpm warning; no network or file writes.
  • postinstall comments and code say plugin deps are not installed during lifecycle; no npm/network execution seen.
  • postinstall path operations are bounded by package dist, node_modules/baileys hotfix, or AivibeClaw state migration/cleanup.
  • dist/index.js only loads CLI runtime when main; import path is inert aside from dynamic import of library exports.
  • Scanner secret/unicode hits appear to be bundled dependency/runtime code; no hardcoded exfiltration credential or Trojan Source control found in inspected file.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNativeBindingsNetworkShellWebSocket
Supply chain
HighEntropyStringsMinifiedObfuscatedProtestwareTelemetryUrlStrings
ManifestNo manifest risk signals triggered.
scanned 4,699 file(s), 53.7 MB of source, external domains: 127.0.0.1, 169.254.169.254, 169.254.170.2, a.co, a2ui.org, account.minimax.io, account.minimaxi.com, accounts.feishu.cn, accounts.google.com, accounts.larksuite.com, ai.azure.com, ai.ollama.com, aiplatform.googleapis.com, aistudio.google.com, aivibeclaw.com, aka.ms, albumart.url, api-dashboard.search.brave.com, api-data.line.me, api.anthropic.com, api.botframework.azure.cn, api.botframework.com, api.botframework.us, api.chutes.ai, api.cohere.ai, api.deepgram.com, api.deepseek.com, api.dev.runwayml.com, api.example.com, api.github.com, api.individual.githubcopilot.com, api.line.me, api.minimax.io, api.minimaxi.com, api.mistral.ai, api.moonshot.ai, api.moonshot.cn, api.novita.ai, api.openai.com, api.pluralkit.me, api.push.apple.com, api.qrserver.com, api.sandbox.push.apple.com, api.search.brave.com, api.senseaudio.cn, api.synthetic.new, api.telegram.org, api.together.xyz, api.twilio.com, api.twitch.tv

Source & flagged code

21 flagged · loading source
package.jsonView file
scripts.preinstall = node scripts/preinstall-package-manager-warning.mjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
dist/dist-CdD4a7gg.jsView file
5588patternName = private_key_rsa severity = critical line = 5588 matchedText = if (type...g");
Critical
Critical Secret

Package contains a critical-looking secret pattern.

dist/dist-CdD4a7gg.jsView on unpkg · L5588
5588patternName = private_key_rsa severity = critical line = 5588 matchedText = if (type...g");
Critical
Secret Pattern

RSA private key in dist/dist-CdD4a7gg.js

dist/dist-CdD4a7gg.jsView on unpkg · L5588
13656patternName = generic_password severity = medium line = 13656 matchedText = passwo...
Medium
Secret Pattern

Hardcoded password in dist/dist-CdD4a7gg.js

dist/dist-CdD4a7gg.jsView on unpkg · L13656
21205patternName = generic_password severity = medium line = 21205 matchedText = passwo...
Medium
Secret Pattern

Hardcoded password in dist/dist-CdD4a7gg.js

dist/dist-CdD4a7gg.jsView on unpkg · L21205
scripts/postinstall-bundled-plugins.mjsView file
818} L819: const importModule = params.importModule ?? ((specifier) => import(specifier)); L820: return await importModule(resolveDistModuleUrl(packageRoot, distPath));
Medium
Dynamic Require

Package source references dynamic require/import behavior.

scripts/postinstall-bundled-plugins.mjsView on unpkg · L818
dist/launchd-DrKxjPQa.jsView file
20import os from "node:os"; L21: import { spawn } from "node:child_process"; L22: //#region src/daemon/launchd-current-service.ts ... L24: /** Checks whether the current process appears to be running under the requested launchd label. */ L25: function [redacted](label, env = process.env, options = {}) { L26: const currentLabels = [ ... L144: } L145: function buildLaunchAgentPlist$1({ label, comment, programArguments, workingDirectory, stdoutPath, stderrPath, environment }) { L146: const argsXml = programArguments.map((arg) => `\n <string>${plistEscape(arg)}</string>`).join(""); ... L189: const label = resolveLaunchAgentLabel$1(env); L190: const home = normalizeOptionalString(env.HOME) || os.homedir(); L191: return {
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/launchd-DrKxjPQa.jsView on unpkg · L20
dist/control-ui/assets/config-runtime-Chws_C6h.jsView file
2contains invisible/control Unicode U+FEFF (zero width no-break space) `?(o++,s=0):e?s+=e.length:s++,e&&(a+=e.length),e}var te={default(){switch(_){case` `:case`\v`:case`\f`:case` `:case`\xA0`:case`<U+FEFF>`:case`
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

dist/control-ui/assets/config-runtime-Chws_C6h.jsView on unpkg · L2
deploy/announce-control-center.shView file
path = deploy/announce-control-center.sh kind = build_helper sizeBytes = 3778 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

deploy/announce-control-center.shView on unpkg
apps/zoozoo-android/gradle/wrapper/gradle-wrapper.jarView file
path = apps/zoozoo-android/gradle/wrapper/gradle-wrapper.jar kind = high_entropy_blob sizeBytes = 43583 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

apps/zoozoo-android/gradle/wrapper/gradle-wrapper.jarView on unpkg
path = apps/zoozoo-android/gradle/wrapper/gradle-wrapper.jar kind = compressed_blob sizeBytes = 43583 magicHex = [redacted]
Medium
Ships Compressed Blob

Package ships compressed or archive-like blobs.

apps/zoozoo-android/gradle/wrapper/gradle-wrapper.jarView on unpkg
path = apps/zoozoo-android/gradle/wrapper/gradle-wrapper.jar kind = nested_archive_needs_inspection sizeBytes = 43583 magicHex = [redacted]
Low
Nested Archive Needs Inspection

Package ships a nested archive or MCP bundle that was inventoried but not recursively analyzed.

apps/zoozoo-android/gradle/wrapper/gradle-wrapper.jarView on unpkg
dist/i18n-2H5-8AI2.jsView file
11patternName = generic_password severity = medium line = 11 matchedText = password...rd",
Medium
Secret Pattern

Hardcoded password in dist/i18n-2H5-8AI2.js

dist/i18n-2H5-8AI2.jsView on unpkg · L11
dist/proxy-cli.runtime-BwJDobZm.jsView file
856patternName = generic_password severity = medium line = 856 matchedText = url.pass...ed";
Medium
Secret Pattern

Hardcoded password in dist/proxy-cli.runtime-BwJDobZm.js

dist/proxy-cli.runtime-BwJDobZm.jsView on unpkg · L856
docs/help/faq.mdView file
1511patternName = generic_password severity = medium line = 1511 matchedText = password...rd",
Medium
Secret Pattern

Hardcoded password in docs/help/faq.md

docs/help/faq.mdView on unpkg · L1511
docs/gateway/tailscale.mdView file
118patternName = generic_password severity = medium line = 118 matchedText = auth: { ..." },
Medium
Secret Pattern

Hardcoded password in docs/gateway/tailscale.md

docs/gateway/tailscale.mdView on unpkg · L118
docs/gateway/configuration-reference.mdView file
515patternName = generic_password severity = medium line = 515 matchedText = // passw...WORD
Medium
Secret Pattern

Hardcoded password in docs/gateway/configuration-reference.md

docs/gateway/configuration-reference.mdView on unpkg · L515
545patternName = generic_password severity = medium line = 545 matchedText = // passw...rd",
Medium
Secret Pattern

Hardcoded password in docs/gateway/configuration-reference.md

docs/gateway/configuration-reference.mdView on unpkg · L545
docs/gateway/config-channels.mdView file
756patternName = generic_password severity = medium line = 756 matchedText = password...D}",
Medium
Secret Pattern

Hardcoded password in docs/gateway/config-channels.md

docs/gateway/config-channels.mdView on unpkg · L756
docs/channels/matrix.mdView file
74patternName = generic_password severity = medium line = 74 matchedText = password...cret
Medium
Secret Pattern

Hardcoded password in docs/channels/matrix.md

docs/channels/matrix.mdView on unpkg · L74
docs/channels/irc.mdView file
206patternName = generic_password severity = medium line = 206 matchedText = password...rd",
Medium
Secret Pattern

Hardcoded password in docs/channels/irc.md

docs/channels/irc.mdView on unpkg · L206

Findings

3 Critical2 High19 Medium9 Low
CriticalCritical Secretdist/dist-CdD4a7gg.js
CriticalTrojan Source Unicodedist/control-ui/assets/config-runtime-Chws_C6h.js
CriticalSecret Patterndist/dist-CdD4a7gg.js
HighInstall Time Lifecycle Scriptspackage.json
HighShips High Entropy Blobapps/zoozoo-android/gradle/wrapper/gradle-wrapper.jar
MediumDynamic Requirescripts/postinstall-bundled-plugins.mjs
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/launchd-DrKxjPQa.js
MediumProtestware
MediumShips Build Helperdeploy/announce-control-center.sh
MediumShips Compressed Blobapps/zoozoo-android/gradle/wrapper/gradle-wrapper.jar
MediumStructural Risk Force Deep Review
MediumSecret Patterndist/i18n-2H5-8AI2.js
MediumSecret Patterndist/dist-CdD4a7gg.js
MediumSecret Patterndist/dist-CdD4a7gg.js
MediumSecret Patterndist/proxy-cli.runtime-BwJDobZm.js
MediumSecret Patterndocs/help/faq.md
MediumSecret Patterndocs/gateway/tailscale.md
MediumSecret Patterndocs/gateway/configuration-reference.md
MediumSecret Patterndocs/gateway/configuration-reference.md
MediumSecret Patterndocs/gateway/config-channels.md
MediumSecret Patterndocs/channels/matrix.md
MediumSecret Patterndocs/channels/irc.md
LowNon Install Lifecycle Scripts
LowScripts Present
LowEval
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings
LowNested Archive Needs Inspectionapps/zoozoo-android/gradle/wrapper/gradle-wrapper.jar