AI Security Review
scanned 33m ago · by lpm-firewall-ai
Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot
- dist/acp-agent.js starts the user-configured or default ACP subprocess and auto-answers permission requests with allow.
- dist/acp-agent.js sends Codex app-server turns with approvalPolicy never and sandbox dangerFullAccess.
- dist/cli.js exposes user-invoked upgrade/plugins install commands that run package managers.
- The plugins install command in dist/cli.js uses execSync with the package name interpolated from CLI input.
- package.json has no preinstall/install/postinstall hook; only prepublishOnly build.
- bin/ocg.cjs only spawns Node with package loader/CLI on explicit bin invocation.
- HTTP fetches in shims target configured agentUrl or localhost default for gateway function.
- Config writes are to ~/.openclaw-channel-gateway or OCG_CONFIG_PATH and occur via explicit CLI/config flows.
- No evidence of credential harvesting, stealth persistence, destructive actions, or hardcoded exfiltration endpoint.
Source & flagged code
5 flagged
- bin/ocg.cjs (line 11): Package source references dynamic require/import behavior.
- dist/cli.js (line 807): Package source invokes a package manager install command at runtime.
- dist/acp-agent.js: This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.