AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. Explicit setup provisions and authorizes an OpenClaw device with operator-admin permissions. It also disables OpenClaw control-UI device authentication in the package-created deployment. No install-time execution or confirmed exfiltration was found.
Decision evidence
public snapshot- `setup-config.js` writes OpenClaw config with `dangerouslyDisableDeviceAuth: true`.
- `setup-config.js` creates `pre-paired-device.json` and `devices/paired.json` with operator-admin scopes.
- `cli/index.js` runs setup configuration and injects the pre-paired identity during explicit setup/start.
- `docker-compose.local.yml` bind-mounts generated `openclaw-data` into `/root/.openclaw`.
- `auto-approve-devices.js` contains code to grant pending devices operator-admin scopes, though no package path invokes it.
- `package.json` has no `preinstall`, `install`, `postinstall`, or other lifecycle hook.
- The privileged OpenClaw setup requires explicit `openvoiceui setup` and `openvoiceui start` commands.
- Reviewed setup/device scripts show no outbound network request or credential exfiltration.
- The elevated configuration is scoped to the package-created `openclaw-data` deployment, not existing host agent directories.
Source & flagged code
4 flagged · loading sourcePackage source references a known benign dynamic code generation pattern.
static/emulators/jsdos/js-dos.jsView on unpkg · L20Package source references dynamic require/import behavior.
inject-device-identity.jsView on unpkg · L14