registry  /  openclaw-channel-bgos  /  0.14.0

openclaw-channel-bgos@0.14.0

OpenClaw channel plugin: chat with your OpenClaw agents in BGOS

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. This is a first-party OpenClaw channel extension and explicitly invoked daemon. At runtime it bridges BGOS messages to a configured local OpenClaw gateway and can persist a user-approved pairing token. No install-time mutation or concrete malicious payload was established.

Static reason
No blocking static signals were detected.
Trigger
OpenClaw loads the registered extension, or the user runs `bgos-openclaw-daemon` / `--pair`.
Impact
The configured BGOS service can exchange paired-chat data with the configured local OpenClaw gateway; the daemon also exposes an authenticated localhost peers API.
Mechanism
BGOS pairing and message bridge to a local OpenClaw gateway.
Rationale
Source inspection supports a guarded first-party agent extension rather than malware. It warrants a warning under the extension-lifecycle policy because it integrates with an AI-agent runtime and persists pairing credentials after user-invoked setup.
Evidence
package.jsonopenclaw.plugin.jsondist/index.jsdist/setup-entry.jsdist/daemon.jsdist/pair-cli.jsdist/bgos-api.jsdist/peers-server.js~/.openclaw/secrets/bgos.json
Network endpoints3
api.brandgrowthos.ai127.0.0.1:31847127.0.0.1

Decision evidence

public snapshot
AI called this Suspicious at 89.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `package.json` registers an OpenClaw extension and setup entry.
  • `dist/pair-cli.js` writes BGOS pairing credentials to `~/.openclaw/secrets/bgos.json` after explicit pairing.
  • `dist/daemon.js` forwards BGOS inbound messages to a local OpenClaw gateway and starts a localhost peers API.
  • `dist/bgos-api.js` sends pairing-authenticated requests to the configured BGOS API.
Evidence against
  • `package.json` has no preinstall, install, or postinstall lifecycle hook.
  • No child-process, shell, eval, Function, dynamic import, or binary-loading primitive was found in `dist/*.js`.
  • Credential persistence is only reached through explicit `--pair` flows and uses mode `0600`.
  • `dist/peers-server.js` binds to `127.0.0.1` and defaults to per-process bearer authentication.
  • Network behavior is consistent with the declared BGOS/OpenClaw channel bridge.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkWebSocket
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 26 file(s), 208 KB of source, external domains: 127.0.0.1, api.brandgrowthos.ai

Source & flagged code

4 flagged · loading source
package.jsonView file
Published source reference
Medium
Ai Review Evidence

`package.json` registers an OpenClaw extension and setup entry.

package.jsonView on unpkg
dist/pair-cli.jsView file
Published source reference
Medium
Ai Review Evidence

`dist/pair-cli.js` writes BGOS pairing credentials to `~/.openclaw/secrets/bgos.json` after explicit pairing.

dist/pair-cli.jsView on unpkg
dist/daemon.jsView file
Published source reference
Medium
Ai Review Evidence

`dist/daemon.js` forwards BGOS inbound messages to a local OpenClaw gateway and starts a localhost peers API.

dist/daemon.jsView on unpkg
dist/bgos-api.jsView file
Published source reference
Medium
Ai Review Evidence

`dist/bgos-api.js` sends pairing-authenticated requests to the configured BGOS API.

dist/bgos-api.jsView on unpkg

Findings

6 Medium4 Low
MediumNetwork
MediumEnvironment Vars
MediumAi Review Evidencepackage.json
MediumAi Review Evidencedist/pair-cli.js
MediumAi Review Evidencedist/daemon.js
MediumAi Review Evidencedist/bgos-api.js
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings