AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `dist/mlclaw.mjs` runs Docker lifecycle commands, including persistent `--restart unless-stopped`, after explicit CLI actions.
- `entrypoint.sh` and `dist/mlclaw-space-runtime.js` create/configure an OpenClaw runtime and integration endpoints.
- `scripts/configure-telegram.mjs` and `scripts/configure-huggingface-model.mjs` write OpenClaw configuration from supplied environment values.
- `package.json` has no `preinstall`, `install`, or `postinstall` hook.
- The executable is an explicit `mlclaw` CLI, not import-time code.
- Docker commands use `execFile` with fixed command arguments rather than shell interpolation.
- Token handling in `dist/mlclaw.mjs` is for Hugging Face deployment authentication; no source-confirmed exfiltration path was found.
- `entrypoint.sh` unsets broad Hub tokens before launching the unprivileged OpenClaw process.
- No `eval`, `Function`, VM execution, or dynamic untrusted module loading was found in reviewed artifacts.
Source & flagged code
8 flagged · loading sourcePackage source references child process execution.
dist/hf-state-sync.jsView on unpkg · L4946Source executes local commands and sends command output to an external endpoint.
dist/mlclaw.mjsView on unpkg · L47A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/mlclaw.mjsView on unpkg · L47Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/mlclaw.mjsView on unpkg · L47Source combines credential-like environment material and outbound requests; review data flow before blocking.
assets/hf-tooling/skills/huggingface-tool-builder/references/baseline_hf_api.tsxView on unpkg · L39This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/mlclaw-space-runtime.jsView on unpkg