AI Security Review
scanned 10d ago · by lpm-firewall-aiNo confirmed malicious attack surface was found. Risky primitives are tied to the advertised Forge/OpenClaw local runtime, dev server, and optional agent context integration.
Decision evidence
public snapshot- dist/openclaw/local-runtime.js spawns a local Forge runtime and can run npm install --omit=dev --ignore-scripts when runtime deps are missing
- dist/openclaw/session-bootstrap.js injects generated Forge context into agent bootstrapFiles when config enables it
- dist/server/apps/api/src/web.js can shell-spawn a dev web command from FORGE_DEV_WEB_COMMAND in dev mode
- package.json has no install/preinstall/postinstall lifecycle hooks and only exports dist/openclaw/index.js
- Network calls are package-aligned: localhost Forge API, dev asset proxy, OpenFoodFacts, USDA FDC, calendar/model providers
- dist/server/apps/api/src/health-weight-loss.js uses FDC_API_KEY only in a request to api.nal.usda.gov, not as broad env exfiltration
- Child process use is runtime management/dev tooling, not hidden import-time execution
- Bootstrap injection is declared in openclaw.plugin.json/README and controlled by injectBootstrapContext
Source & flagged code
7 flagged · loading sourcePackage source references child process execution.
dist/openclaw/local-runtime.jsView on unpkg · L1A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/openclaw/local-runtime.jsView on unpkg · L509Package source references dynamic require/import behavior.
dist/assets/motion-BryW_XlF.jsView on unpkg · L8Package source references weak cryptographic algorithms.
dist/openclaw/session-registry.jsView on unpkg · L52Source appears to send environment or credential material to an external endpoint.
dist/server/apps/api/src/health-weight-loss.jsView on unpkg · L252