AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. Loading the OpenClaw extension can start its bundled Forge service for localhost and register agent hooks/tools. New sessions can receive Forge data as generated bootstrap context. No npm install-time mutation or confirmed malicious exfiltration is present.
Decision evidence
public snapshot- `openclaw.plugin.json` activates on startup and registers extensive agent tools.
- `dist/openclaw/local-runtime.js` auto-starts a local Forge server and writes runtime state/logs under `~/.openclaw`.
- `dist/openclaw/session-bootstrap.js` injects Forge-derived session context during `agent:bootstrap`.
- `dist/server/apps/api/src/services/macos-calendar-helper.js` compiles/runs a local macOS Calendar helper after platform and permission checks.
- `package.json` has no npm preinstall/install/postinstall lifecycle script.
- `dist/openclaw/api-client.js` sends Forge credentials only to the user-configured Forge base URL.
- `dist/server/apps/api/src/health-weight-loss.js` external requests are feature-specific nutrition lookups, not environment harvesting.
- No concrete secret exfiltration, remote payload loading, eval/vm use, or stealth persistence found.
- `dist/favicon.ico` is a normal Windows icon resource, not an opaque executable payload.
Source & flagged code
8 flagged · loading sourcePackage source references child process execution.
dist/openclaw/local-runtime.jsView on unpkg · L1A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/openclaw/local-runtime.jsView on unpkg · L509Package source references dynamic require/import behavior.
dist/assets/graph-CE7RmeLj.jsView on unpkg · L317Package source references weak cryptographic algorithms.
dist/openclaw/session-registry.jsView on unpkg · L52Source appears to send environment or credential material to an external endpoint.
dist/server/apps/api/src/health-weight-loss.jsView on unpkg · L249This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/server/apps/api/src/services/macos-calendar-helper.jsView on unpkg