registry  /  openclaw-channel-bgos  /  0.11.0

openclaw-channel-bgos@0.11.0

OpenClaw channel plugin — chat with your OpenClaw agents in BGOS

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. No install-time attack surface is established. The package is an OpenClaw/BGOS bridge that, when explicitly paired or run, stores a pairing token and relays messages between BGOS and the configured local gateway.

Static reason
No blocking static signals were detected.
Trigger
Explicit `openclaw pair bgos <CODE>` pairing or execution of `bgos-openclaw-daemon`.
Impact
Can access the configured BGOS pairing and local OpenClaw gateway within the user's chosen integration scope.
Mechanism
User-configured AI-agent channel integration and message relay.
Rationale
This is not malicious by source evidence, but it is a first-party OpenClaw extension that performs explicit user-invoked agent setup and message bridging. Per policy, that lifecycle/control-surface risk warrants a warning rather than a block.
Evidence
package.jsonopenclaw.plugin.jsondist/pair-cli.jsdist/daemon.jsdist/bgos-api.jsdist/peers-server.js~/.openclaw/secrets/bgos.json
Network endpoints3
api.brandgrowthos.ai127.0.0.1:31847127.0.0.1:31848

Decision evidence

public snapshot
AI called this Suspicious at 84.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • `dist/pair-cli.js` writes BGOS pairing data to `~/.openclaw/secrets/bgos.json` after an explicit pairing call.
  • `dist/daemon.js` runs a user-invoked sidecar that forwards BGOS inbound messages to a local OpenClaw gateway.
  • `package.json` registers an OpenClaw extension and setup entrypoint.
Evidence against
  • `package.json` has no preinstall, install, or postinstall lifecycle hooks.
  • `dist/pair-cli.js` is exported but has no import-time invocation; its write is permissioned `0600`.
  • No child-process, shell, eval, VM, dynamic module loading, or binary loading appears in `dist/*.js`.
  • Network use is the declared BGOS service and configurable local OpenClaw gateway; no unrelated exfiltration endpoint was found.
  • `dist/peers-server.js` binds its runtime server to `127.0.0.1` and enables bearer authentication by default.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkWebSocket
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 23 file(s), 183 KB of source, external domains: 127.0.0.1, api.brandgrowthos.ai

Source & flagged code

3 flagged · loading source
dist/pair-cli.jsView file
Published source reference
Medium
Ai Review Evidence

`dist/pair-cli.js` writes BGOS pairing data to `~/.openclaw/secrets/bgos.json` after an explicit pairing call.

dist/pair-cli.jsView on unpkg
dist/daemon.jsView file
Published source reference
Medium
Ai Review Evidence

`dist/daemon.js` runs a user-invoked sidecar that forwards BGOS inbound messages to a local OpenClaw gateway.

dist/daemon.jsView on unpkg
package.jsonView file
Published source reference
Medium
Ai Review Evidence

`package.json` registers an OpenClaw extension and setup entrypoint.

package.jsonView on unpkg

Findings

5 Medium4 Low
MediumNetwork
MediumEnvironment Vars
MediumAi Review Evidencedist/pair-cli.js
MediumAi Review Evidencedist/daemon.js
MediumAi Review Evidencepackage.json
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings