AI Security Review
scanned 10d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. The package is a declared OpenClaw plugin that starts a local Forge runtime and proxies user-invoked Forge tool/API operations.
Decision evidence
public snapshot- dist/openclaw/local-runtime.js spawns the packaged Forge server and may run npm install --omit=dev --ignore-scripts for missing packaged dependencies.
- dist/openclaw/session-bootstrap.js registers an agent:bootstrap hook that adds .forge/generated/FORGE_SESSION_BOOTSTRAP.md to bootstrapFiles.
- dist/openclaw/api-client.js sends configured apiToken as Bearer only to the configured Forge baseUrl and bootstraps local/Tailscale sessions.
- package.json has no install/preinstall/postinstall/prepare lifecycle scripts; only build is defined.
- openclaw.plugin.json declares onStartup activation, localhost runtime auto-start, sensitive apiToken config, and bootstrap-context injection as plugin features.
- dist/openclaw/local-runtime.js limits auto-start to local origins and probes /api/v1/health on the configured localhost Forge URL.
- dist/server/apps/api/src/health-weight-loss.js is nutrition/health database logic; inspected portions do not exfiltrate env or credentials.
- Network use is package-aligned: local Forge API, configured LLM endpoints, OpenAI default profile, and weather widget endpoint; no hardcoded attacker endpoint found.
- No evidence of import/install-time credential harvesting, persistence outside declared runtime state/logs, destructive behavior, or reviewer/prompt manipulation.
Source & flagged code
7 flagged · loading sourcePackage source references child process execution.
dist/openclaw/local-runtime.jsView on unpkg · L1A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/openclaw/local-runtime.jsView on unpkg · L509Package source references dynamic require/import behavior.
dist/assets/motion-BryW_XlF.jsView on unpkg · L8Package source references weak cryptographic algorithms.
dist/openclaw/session-registry.jsView on unpkg · L52Source appears to send environment or credential material to an external endpoint.
dist/server/apps/api/src/health-weight-loss.jsView on unpkg · L252