AI Security Review
scanned 7h ago · by lpm-firewall-ai
No confirmed malware or install-time attack behavior was found. The main unresolved risk is a user-invoked CLI command injection in plugin installation: the package name given as a CLI argument is interpolated into a shell command string before it is executed.
Decision evidence
public snapshot
- dist/cli.js cmdPluginsInstall uses execSync(`npm install ${pkg}`) with the CLI package argument spliced into a shell command
- dist/cli.js supports user-invoked detached background start via spawn(...,{detached:true})
- dist/plugin-loader.js dynamically imports channel plugin entry modules discovered from node_modules
- package.json has no consumer install/postinstall hook; prepublishOnly only runs build for publishing
- bin/ocg.cjs only spawns this package's dist/loader.js and dist/cli.js on explicit ocg CLI use
- Network calls are package-aligned: configured OpenAI-compatible agentUrl, local callback server, DingTalk login API
- Config/session writes stay under ~/.openclaw-channel-gateway or OCG_CONFIG_PATH; no foreign AI-agent control surface writes found
Source & flagged code
5 flagged
Package source references dynamic require/import behavior.
bin/ocg.cjs · L11: This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/cli.js: Package source invokes a package manager install command at runtime.
dist/cli.js · L658