2 suspicious code pattern Sign need help #41
Description
azureuser@smart-call-vm:~$ curl -fsSL https://blockrun.ai/ClawRouter-update | bash
🦞 ClawRouter Reinstall
→ Removing plugin files...
→ Cleaning config entries...
Config cleaned
→ Stopping old proxy...
→ Cleaning models cache...
→ Injecting auth profile...
Auth profile already exists
→ Finalizing setup...
→ Installing ClawRouter...
🦞 OpenClaw 2026.2.6-3 (85ed6c7) — No $999 stand required.
Downloading @blockrun/clawrouter…
Extracting /tmp/openclaw-npm-pack-Mts9Xd/blockrun-clawrouter-0.9.34.tgz…
Plugin "clawrouter" has 2 suspicious code pattern(s). Run "openclaw security audit --deep" for details.
Installing to /home/azureuser/.openclaw/extensions/clawrouter…
Installing plugin dependencies…
Installed plugin: clawrouter
Restart the gateway to load plugins.
→ Verifying installation...
✓ dist/index.js verified
→ Refreshing BlockRun models catalog...
blockrun minimax config already up to date
→ Adding to plugins allow list...
Added clawrouter to plugins.allow
✓ Done! Smart routing enabled by default.
Run: openclaw gateway restart
Model aliases available:
/model sonnet → claude-sonnet-4
/model opus → claude-opus-4
/model codex → openai/gpt-5.2-codex
/model deepseek → deepseek/deepseek-chat
/model minimax → minimax/minimax-m2.5
/model free → gpt-oss-120b (FREE)
To uninstall: bash /.openclaw/extensions/clawrouter/scripts/uninstall.sh$ openclaw security audit --deep
azureuser@smart-call-vm:
04:31:24 [plugins] BlockRun provider registered (30+ models via x402)
04:31:24 [plugins] Not in gateway mode — proxy will start when gateway runs
🦞 OpenClaw 2026.2.6-3 (85ed6c7) — Shell yeah—I'm here to pinch the toil and leave you the glory.
OpenClaw security audit
Summary: 2 critical · 2 warn · 1 info
Run deeper: openclaw security audit --deep
CRITICAL
fs.config.perms_writable Config file is writable by others
/home/azureuser/.openclaw/openclaw.json mode=664; another user could change gateway/auth/tool policies.
Fix: chmod 600 /home/azureuser/.openclaw/openclaw.json
fs.credentials_dir.perms_writable Credentials dir is writable by others
/home/azureuser/.openclaw/credentials mode=775; another user could drop/modify credential files.
Fix: chmod 700 /home/azureuser/.openclaw/credentials
WARN
gateway.trusted_proxies_missing Reverse proxy headers are not trusted
gateway.bind is loopback and gateway.trustedProxies is empty. If you expose the Control UI through a reverse proxy, configure trusted proxies so local-client checks cannot be spoofed.
Fix: Set gateway.trustedProxies to your proxy IPs or keep the Control UI local-only.
plugins.code_safety Plugin "clawrouter" contains suspicious code patterns
Found 2 warning(s) in 4 scanned file(s):
- [potential-exfiltration] File read combined with network send — possible data exfiltration (dist/index.js:1954)
- [potential-exfiltration] File read combined with network send — possible data exfiltration (dist/cli.js:1916)
Fix: Review the flagged code to ensure it is intentional and safe.
INFO
summary.attack_surface Attack surface summary
groups: open=0, allowlist=1
tools.elevated: enabled
hooks: disabled
browser control: enabled
azureuser@smart-call-vm:~$ openclaw gateway restart
04:33:23 [plugins] BlockRun provider registered (30+ models via x402)
🦞 OpenClaw 2026.2.6-3 (85ed6c7) — I'm not saying your workflow is chaotic... I'm just bringing a linter and a helmet.
[ClawRouter] ✓ Loaded existing wallet from /home/azureuser/.openclaw/blockrun/wallet.key
04:33:24 [plugins] Using saved wallet: 0xd394Bb2DBdF6d898b3810664968202F41E2f8B5C
04:33:24 [plugins] BlockRun x402 proxy listening on port 8402
04:33:24 [plugins] ClawRouter ready — smart routing enabled
04:33:24 [plugins] Pricing: Simple ~$0.001 | Code ~$0.01 | Complex ~$0.05 | Free: $0
04:33:25 [plugins] Wallet: 0xd394Bb2DBdF6d898b3810664968202F41E2f8B5C | Balance: $0.33 (low)
Restarted systemd service: openclaw-gateway.service