AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `runtime/commands/command-labor.js` reads local Claude/Codex/OpenCode authentication material for `labor-serve`.
- `runtime/commands/labor-sandbox.js` pulls and executes `ryanxdocker/sandbox-clawlabor:0.4.5` via Docker.
- The sandbox receives Claude OAuth by environment variable or read-only mounts of Codex/OpenCode credential files.
- `bin/install.js` can replace named Claude/OpenClaw/Codex/Hermes skill directories, but only when its CLI is invoked.
- `command-upgrade.js` explicitly runs `npm install -g clawlabor@latest` on the user-requested upgrade command.
- `package.json` defines no `preinstall`, `install`, `postinstall`, or `prepare` lifecycle hook.
- `bin/install.js` is a CLI entrypoint; installer actions require `clawlabor install` or direct invocation.
- Agent-directory writes are limited to `clawlabor` skill paths and selected platform/project targets.
- No `eval`, `Function`, `vm`, dynamic module loading, native loading, or encoded payload execution was found.
- Network calls are package-aligned: `www.clawlabor.com/api` and Claude OAuth token refresh.
Source & flagged code
4 flagged · loading sourceSource gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
runtime/claude_auth.jsView on unpkg · L3Package source invokes a package manager install command at runtime.
runtime/commands/command-upgrade.jsView on unpkg · L10This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
runtime/cli.jsView on unpkg