AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. Confirmed first-party agent-tooling setup in the deployed ML Claw workspace, plus deployment management that stores Hugging Face/OpenClaw secrets and controls Docker or Hugging Face Spaces. This is package-aligned but mutates an AI-agent workspace control surface.
Decision evidence
public snapshot- dist/hf-tooling-seed.js copies bundled skills into workspace .agents/skills and skills and writes AGENTS.md context.
- entrypoint.sh runs hf-tooling-seed.js inside the deployed runtime workspace.
- dist/mlclaw.mjs writes local deployment manifests and secret env files under the mlclaw config root.
- dist/mlclaw.mjs user commands can set Hugging Face Space variables/secrets and run Docker containers.
- package.json has no preinstall/install/postinstall lifecycle hooks.
- Risky behavior is behind explicit mlclaw CLI/deployed runtime actions, not npm install or import.
- Network use is package-aligned: Hugging Face deployment/state APIs, Telegram getMe validation, Docker image pull.
- No source evidence of credential exfiltration to unrelated endpoints, destructive behavior, remote payload execution, or stealth persistence.
Source & flagged code
8 flagged · loading sourcePackage source references child process execution.
dist/hf-state-sync.jsView on unpkg · L4863Source executes local commands and sends command output to an external endpoint.
dist/mlclaw.mjsView on unpkg · L47A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/mlclaw.mjsView on unpkg · L47Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/mlclaw.mjsView on unpkg · L47Source combines credential-like environment material and outbound requests; review data flow before blocking.
assets/hf-tooling/skills/huggingface-tool-builder/references/baseline_hf_api.tsxView on unpkg · L39This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/mlclaw-space-runtime.jsView on unpkg