AI Security Review
scanned 1d ago · by lpm-firewall-aiNo source-grounded attack surface could be determined because package files were not inspected.
Decision evidence
public snapshot- Inspection failed before any package files could be read due to an accidental premature finalization path.
Source & flagged code
7 flagged · loading sourcePackage source references child process execution.
dist/openclaw/local-runtime.jsView on unpkg · L1A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/openclaw/local-runtime.jsView on unpkg · L509Package source references dynamic require/import behavior.
dist/assets/motion-DwXAg6uM.jsView on unpkg · L8Package source references weak cryptographic algorithms.
dist/openclaw/session-registry.jsView on unpkg · L52Source appears to send environment or credential material to an external endpoint.
dist/server/apps/api/src/health-weight-loss.jsView on unpkg · L252