AI Security Review
scanned 1d ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. This is a first-party Pi/OpenClaw extension that processes agent context and writes its own local state. Its optional dashboard starts only from an explicit user command and serves loopback HTTP. No confirmed malicious attack chain is present.
Decision evidence
public snapshot- `package.json` declares Pi and OpenClaw extension entrypoints.
- `extensions/mega-compact.ts` registers runtime hooks and user commands.
- `mega-dashboard` can spawn a detached local dashboard process.
- Local state and session data are persisted under the package state directory.
- `package.json` has no preinstall/install/postinstall hook; only prepublishOnly builds.
- `src/httpEmbedder.ts` rejects non-loopback embedding URLs.
- `src/dedup/raptor/summarizer.ts` rejects non-loopback Ollama URLs.
- Dashboard launch is an explicit `mega-dashboard` command with browser confirmation.
- Observed network targets are localhost/127.0.0.1 only; no remote exfiltration path found.
- No destructive commands, credential harvesting, or foreign agent-config mutation found.
Source & flagged code
5 flagged · loading sourceThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/extensions/mega-compact.jsView on unpkgPackage source references child process execution.
dist/extensions/mega-compact.jsView on unpkg · L40Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/extensions/mega-compact.jsView on unpkg · L40A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/src/dedup/raptor/summarizer.jsView on unpkg · L13Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/src/dedup/raptor/summarizer.jsView on unpkg · L58