AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. Installing the package triggers remote-content installation into multiple AI-agent control surfaces without user confirmation. It also attempts package-manager installs during npm postinstall.
Decision evidence
public snapshot- `package.json` runs `postinstall` automatically.
- `scripts/install-skill.cjs` fetches remote `https://clawmoney.ai/skill.md`.
- Postinstall writes fetched content into `~/.claude`, `~/.codex`, and `~/.openclaw`.
- `scripts/install-ytdlp.cjs` invokes brew, pip, apt, or winget during install.
- `dist/relay/upstream/claude-api.js` reads local Claude/OpenClaw OAuth credentials for relay use.
- The relay credential flow is activated by provider/daemon runtime, not import.
- Relay executor attempts to isolate spawned CLI work in an empty sandbox.
- The skill installer checks for a YAML-style prefix before writing.
Source & flagged code
15 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage source references child process execution.
dist/ui/companion.jsView on unpkg · L9Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/ui/companion.jsView on unpkg · L9A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/relay/upstream/claude-bootstrap.jsView on unpkg · L284Source appears to send environment or credential material to an external endpoint.
scripts/probe-claude-api.mjsView on unpkg · L11Source file is highly similar to a previously finalized malicious package; route for source-aware review.
scripts/probe-claude-api.mjsView on unpkgPackage source invokes a package manager install command at runtime.
dist/utils/awal.jsView on unpkg · L14Package ships non-JavaScript build or shell helper files.
scripts/install-market-launchd.shView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
dist/relay/executor.jsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
dist/task/skills/youtube/_ytdlp.jsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
dist/commands/antigravity.jsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
dist/relay/upstream/chatgpt-web.jsView on unpkg