@a5c-ai/babysitter-openclaw
Babysitter plugin for OpenClaw AI agent with programmatic hook integration, orchestration skills, and SDK-managed process-library bootstrapping
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| semgrep | semgrep:env-spread | AI (semgrep): CLI orchestrator legitimately passes env to child processes; standard pattern. | ai | |
| semgrep | semgrep:child-process-import | AI (semgrep): CLI bin uses spawnSync for subprocess orchestration; expected for this package type. | ai | |
| phantom-deps | phantom-dep:@a5c-ai/babysitter-sdk | AI (phantom-deps): Same-org SDK dep likely consumed by extensions/hooks loaded at runtime. | ai | |
Versions (showing 1 of 1)
| Version | Deps | Published |
|---|---|---|
| 5.0.0 | 1 / 0 | |
v5.0.0
8 findings

Spreading entire process.env into an object — may capture all secrets
Source: https://github.com/a5c-ai/babysitter-openclaw/blob/25c9003f33920711ad2df48f1032bb4238fdd9ba/bin/cli.cjs#L52

```
  50 |     cwd: process.cwd(),
  51 |     stdio: 'inherit',
> 52 |     env: { ...process.env, ...extraEnv },
  53 |   });
  54 |   process.exitCode = result.status ?? 1;
```

Spreading entire process.env into an object — may capture all secrets
Source: https://github.com/a5c-ai/babysitter-openclaw/blob/25c9003f33920711ad2df48f1032bb4238fdd9ba/bin/install-shared.cjs#L133

```
  131 |   spawnSync(process.execPath, [postInstall], {
  132 |     cwd: pluginRoot, stdio: 'inherit',
> 133 |     env: { ...process.env, PLUGIN_ROOT: pluginRoot },
  134 |   });
  135 | }
```

Spreading entire process.env into an object — may capture all secrets
Source: https://github.com/a5c-ai/babysitter-openclaw/blob/25c9003f33920711ad2df48f1032bb4238fdd9ba/bin/install-shared.cjs#L160

```
  158 |     timeout: options.timeout || 120000,
  159 |     cwd: options.cwd || process.cwd(),
> 160 |     env: { ...process.env, ...options.env },
  161 |   });
  162 |   return result;
```

Spreading entire process.env into an object — may capture all secrets
Source: https://github.com/a5c-ai/babysitter-openclaw/blob/25c9003f33920711ad2df48f1032bb4238fdd9ba/extensions/hooks/agent-end.ts#L17

```
  15 |       stdio: ["pipe", "pipe", "pipe"],
  16 |       timeout: 30000,
> 17 |       env: { ...process.env, ADAPTER_NAME: "openclaw", PLUGIN_ROOT },
  18 |     });
  19 |   } catch { /* best-effort */ }
```

Spreading entire process.env into an object — may capture all secrets
Source: https://github.com/a5c-ai/babysitter-openclaw/blob/25c9003f33920711ad2df48f1032bb4238fdd9ba/extensions/hooks/before-prompt-build.ts#L17

```
  15 |       stdio: ["pipe", "pipe", "pipe"],
  16 |       timeout: 30000,
> 17 |       env: { ...process.env, ADAPTER_NAME: "openclaw", PLUGIN_ROOT },
  18 |     });
  19 |   } catch { /* best-effort */ }
```

Spreading entire process.env into an object — may capture all secrets
Source: https://github.com/a5c-ai/babysitter-openclaw/blob/25c9003f33920711ad2df48f1032bb4238fdd9ba/extensions/hooks/session-end.ts#L17

```
  15 |       stdio: ["pipe", "pipe", "pipe"],
  16 |       timeout: 30000,
> 17 |       env: { ...process.env, ADAPTER_NAME: "openclaw", PLUGIN_ROOT },
  18 |     });
  19 |   } catch { /* best-effort */ }
```

Spreading entire process.env into an object — may capture all secrets
Source: https://github.com/a5c-ai/babysitter-openclaw/blob/25c9003f33920711ad2df48f1032bb4238fdd9ba/extensions/hooks/session-start.ts#L17

```
  15 |       stdio: ["pipe", "pipe", "pipe"],
  16 |       timeout: 30000,
> 17 |       env: { ...process.env, ADAPTER_NAME: "openclaw", PLUGIN_ROOT },
  18 |     });
  19 |   } catch { /* best-effort */ }
```
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.