registry  /  forge-openclaw-plugin  /  0.3.25

forge-openclaw-plugin@0.3.25

Curated OpenClaw adapter for the Forge collaboration API, UI entrypoint, and localhost auto-start runtime.

AI Security Review

scanned 1d ago · by lpm-firewall-ai

No source-grounded attack surface could be determined because package files were not inspected.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
unknown
Impact
unknown
Mechanism
unknown
Rationale
This is not a valid security verdict because filesystem inspection was not completed.

Decision evidence

public snapshot
AI called this Manual Review at 0.0% confidence as Unknown with high false-positive risk.
Evidence for warning
  • Inspection failed before any package files could be read due to an accidental premature finalization path.
Evidence against
    Behavioral surface
    Source
    ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
    Supply chain
    HighEntropyStringsMinifiedProtestwareTelemetryUrlStrings
    ManifestNo manifest risk signals triggered.
    scanned 323 file(s), 9.74 MB of source, external domains: 127.0.0.1, accounts.google.com, api.nal.usda.gov, api.open-meteo.com, api.openai.com, apidata.googleusercontent.com, auth.openai.com, bit.ly, caldav.example.com, caldav.icloud.com, cdn.who.int, chatgpt.com, console.cloud.google.com, developers.google.com, example.com, forge.local, github.com, graph.microsoft.com, iris.who.int, learn.microsoft.com, login.microsoftonline.com, maplibre.org, mhpssknowledgehub.sph.cuny.edu, oauth2.googleapis.com, open.spotify.com, openclaw.local, openidconnect.googleapis.com, pro.reactflow.dev, radix-ui.com, react-dnd.github.io, react.dev, reactflow.dev, reactjs.org, redux-toolkit.js.org, redux.js.org, support.apple.com, tile.openstreetmap.org, world.openfoodfacts.org, www.anima.com.au, www.apple.com, www.googleapis.com, www.phqscreeners.com, www.ptsd.va.gov, www.w3.org, www.who.int

    Source & flagged code

    7 flagged · loading source
    dist/openclaw/local-runtime.jsView file
    1import { spawn } from "node:child_process"; L2: import { closeSync, existsSync, mkdirSync, openSync } from "node:fs";
    High
    Child Process

    Package source references child process execution.

    dist/openclaw/local-runtime.jsView on unpkg · L1
    509const enableManagedDevWeb = shouldEnableManagedDevWeb(plan); L510: const child = spawn(process.execPath, args, { L511: cwd: plan.packageRoot, L512: env: { L513: ...process.env, L514: HOST: "127.0.0.1", ... L518: ? { L519: FORGE_DEV_WEB_ORIGIN: process.env.FORGE_DEV_WEB_ORIGIN ?? "http://127.0.0.1:3027/forge/" L520: }
    High
    Same File Env Network Execution

    A single source file combines environment access, network access, and code or shell execution; review context before blocking.

    dist/openclaw/local-runtime.jsView on unpkg · L509
    dist/server/apps/api/src/web.jsView file
    70env: input.env, L71: shell: true L72: };
    High
    Shell

    Package source references shell execution.

    dist/server/apps/api/src/web.jsView on unpkg · L70
    dist/assets/motion-DwXAg6uM.jsView file
    8} L9: `),()=>{var R;(R=a.current)==null||R.removeAttribute("data-motion-pop-id"),C.contains(P)&&C.removeChild(P)}},[e]),nt.jsx(Tu,{isPresent:e,childRef:a,sizeRef:l,pop:r,children:r===!1?...
    Medium
    Dynamic Require

    Package source references dynamic require/import behavior.

    dist/assets/motion-DwXAg6uM.jsView on unpkg · L8
    dist/openclaw/session-registry.jsView file
    52path: "/api/v1/agents/sessions", L53: body: { L54: provider: SESSION_PROVIDER, L55: agentLabel: process.env.FORGE_AGENT_LABEL?.trim() || DEFAULT_RUNTIME_AGENT_LABEL, L56: agentType: SESSION_PROVIDER,
    Low
    Weak Crypto

    Package source references weak cryptographic algorithms.

    dist/openclaw/session-registry.jsView on unpkg · L52
    dist/server/apps/api/src/health-weight-loss.jsView file
    252if (!candidate) { L253: return Intl.DateTimeFormat().resolvedOptions().timeZone || "UTC"; L254: } ... L296: try { L297: const parsed = JSON.parse(value); L298: return parsed ?? fallback; ... L1987: async function searchOpenFoodFacts(query, limit) { L1988: const url = new URL("https://world.openfoodfacts.org/cgi/search.pl"); L1989: url.searchParams.set("search_terms", query); ... L2005: async function lookupOpenFoodFactsBarcode(barcode) { L2006: const response = await fetch(`https://world.openfoodfacts.org/api/v2/product/${encodeURIComponent(barcode)}.json`, { headers: { accept: "application/json" } }); L2007: if (!response.ok) {
    Critical
    Credential Exfiltration

    Source appears to send environment or credential material to an external endpoint.

    dist/server/apps/api/src/health-weight-loss.jsView on unpkg · L252
    dist/favicon.icoView file
    path = dist/favicon.ico kind = high_entropy_blob sizeBytes = 12681 magicHex = [redacted]
    High
    Ships High Entropy Blob

    Package ships high-entropy non-source blobs.

    dist/favicon.icoView on unpkg

    Findings

    1 Critical4 High5 Medium6 Low
    CriticalCredential Exfiltrationdist/server/apps/api/src/health-weight-loss.js
    HighChild Processdist/openclaw/local-runtime.js
    HighShelldist/server/apps/api/src/web.js
    HighSame File Env Network Executiondist/openclaw/local-runtime.js
    HighShips High Entropy Blobdist/favicon.ico
    MediumDynamic Requiredist/assets/motion-DwXAg6uM.js
    MediumNetwork
    MediumEnvironment Vars
    MediumProtestware
    MediumStructural Risk Force Deep Review
    LowScripts Present
    LowWeak Cryptodist/openclaw/session-registry.js
    LowFilesystem
    LowHigh Entropy Strings
    LowTelemetry
    LowUrl Strings