AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No install-time attack surface is established. The package is an OpenClaw/BGOS bridge that, when explicitly paired or run, stores a pairing token and relays messages between BGOS and the configured local gateway.
Decision evidence
public snapshot- `dist/pair-cli.js` writes BGOS pairing data to `~/.openclaw/secrets/bgos.json` after an explicit pairing call.
- `dist/daemon.js` runs a user-invoked sidecar that forwards BGOS inbound messages to a local OpenClaw gateway.
- `package.json` registers an OpenClaw extension and setup entrypoint.
- `package.json` has no preinstall, install, or postinstall lifecycle hooks.
- `dist/pair-cli.js` is exported but has no import-time invocation; its write is permissioned `0600`.
- No child-process, shell, eval, VM, dynamic module loading, or binary loading appears in `dist/*.js`.
- Network use is the declared BGOS service and configurable local OpenClaw gateway; no unrelated exfiltration endpoint was found.
- `dist/peers-server.js` binds its runtime server to `127.0.0.1` and enables bearer authentication by default.
Source & flagged code
3 flagged · loading source`dist/pair-cli.js` writes BGOS pairing data to `~/.openclaw/secrets/bgos.json` after an explicit pairing call.
dist/pair-cli.jsView on unpkg`dist/daemon.js` runs a user-invoked sidecar that forwards BGOS inbound messages to a local OpenClaw gateway.
dist/daemon.jsView on unpkg`package.json` registers an OpenClaw extension and setup entrypoint.
package.jsonView on unpkg