AI Security Review
scanned 10d ago · by lpm-firewall-aiNo confirmed malicious attack surface was found. The package is a Forge/OpenClaw adapter that can start a localhost Forge runtime, proxy configured Forge API calls, and expose user-invoked tools.
Decision evidence
public snapshot- package.json has no install/postinstall/preinstall lifecycle hooks; only a build script is declared.
- dist/openclaw/local-runtime.js child_process use is localhost runtime management: starts packaged Forge server, npm install uses --ignore-scripts, writes state/logs under ~/.openclaw.
- dist/openclaw/api-client.js sends configured apiToken only as Bearer to configured Forge baseUrl and can bootstrap only localhost/Tailscale operator sessions.
- dist/openclaw/session-bootstrap.js injects generated Forge context on agent bootstrap, but this is declared plugin functionality with config flag injectBootstrapContext.
- dist/server/apps/api/src/health-weight-loss.js network calls are nutrition/model-provider features to OpenFoodFacts, USDA FDC, or configured ChatGPT/OpenAI profile; no env/credential harvesting found.
- dist/server/apps/api/src/services/gamification-assets.js downloads fixed GitHub asset archives with SHA-256 validation before extraction.
Source & flagged code
7 flagged · loading sourcePackage source references child process execution.
dist/openclaw/local-runtime.jsView on unpkg · L1A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/openclaw/local-runtime.jsView on unpkg · L509Package source references dynamic require/import behavior.
dist/assets/motion-BryW_XlF.jsView on unpkg · L8Package source references weak cryptographic algorithms.
dist/openclaw/session-registry.jsView on unpkg · L52Source appears to send environment or credential material to an external endpoint.
dist/server/apps/api/src/health-weight-loss.jsView on unpkg · L252