AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The package is a first-party Pi/OpenClaw extension that processes agent conversation context and stores local state. Optional dashboard and model integrations use loopback endpoints only. No confirmed malicious or outbound exfiltration path is established.
Decision evidence
public snapshot- `package.json` auto-registers a Pi extension and an OpenClaw plugin.
- `extensions/mega-compact.ts` registers lifecycle handlers, commands, dashboard controls, and conflict scanning on extension load.
- `extensions/conflict-scan.ts` reads installed peer-extension manifests and source at startup; it does not mutate them.
- `src/httpEmbedder.ts` and `src/dedup/raptor/summarizer.ts` can send conversation-derived text to user-configured local model services.
- `package.json` postinstall only rebuilds `@mongodb-js/zstd`; no foreign agent config mutation is present.
- Embedding and Ollama URLs are regex-restricted to `localhost` or `127.0.0.1`.
- Dashboard requests target loopback only and its child process is launched through user commands.
- No remote endpoint, credential harvesting, shell payload download, eval/vm use, or destructive behavior was found.
Source & flagged code
8 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage source references child process execution.
dist/extensions/mega-dashboard-cmds.jsView on unpkg · L10Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/extensions/mega-dashboard-cmds.jsView on unpkg · L10Package source references dynamic require/import behavior.
dist/extensions/mega-dashboard-cmds.jsView on unpkg · L80A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/src/dedup/raptor/summarizer.jsView on unpkg · L13Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/src/dedup/raptor/summarizer.jsView on unpkg · L58This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/src/store/vectorIndex.jsView on unpkg