@aporthq/aport-agent-guardrails
Policy enforcement guardrails for OpenClaw-compatible agent frameworks
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| semgrep | semgrep:env-spread | AI (semgrep): env-spread is used to pass process.env to a child process spawn call — standard pattern, not exfiltration. | ai | |
| install-scripts | install-script:install | AI (install-scripts): Makefile-conditional install guard; standard build tooling pattern, no arbitrary remote code execution. | ai | |
| semgrep | semgrep:base64-decode | AI (semgrep): Standard Buffer.from base64 decode in a crypto-utils helper; not obfuscation or payload hiding. | ai |
Versions (showing 7 of 7)
| Version | Deps | Published |
|---|---|---|
| 1.0.27 | 0 / 3 | |
| 1.0.26 | 0 / 3 | |
| 1.0.25 | 0 / 3 | |
| 1.0.24 | 0 / 3 | |
| 1.0.23 | 0 / 3 | |
| 1.0.22 | 0 / 3 | |
| 1.0.9 | 0 / 3 |
v1.0.27
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.26
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.25
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.24
2 findingsScript: ([ -f Makefile ] && make install) || true
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.23
2 findingsScript: ([ -f Makefile ] && make install) || true
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.22
2 findingsScript: ([ -f Makefile ] && make install) || true
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.9
4 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/aporthq/aport-agent-guardrails/blob/996672d66bc48b65bc6d3abfd092113c0c7f0743/extensions/openclaw-aport/index.js#L515 513 | return new Promise((resolve, reject) => { 514 | const proc = spawn(guardrailScript, [toolName, contextJson], { > 515 | env: { 516 | ...process.env, 517 | OPENCLAW_PASSPORT_FILE: passportFile,
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/aporthq/aport-agent-guardrails/blob/996672d66bc48b65bc6d3abfd092113c0c7f0743/extensions/openclaw-aport/index.ts#L420 418 | return new Promise((resolve, reject) => { 419 | const proc = spawn(guardrailScript, [toolName, contextJson], { > 420 | env: { 421 | ...process.env, 422 | OPENCLAW_PASSPORT_FILE: passportFile,
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/aporthq/aport-agent-guardrails/blob/996672d66bc48b65bc6d3abfd092113c0c7f0743/extensions/openclaw-aport/test.js#L241 239 | new Promise((resolve, reject) => { 240 | const proc = spawn(GUARDRAIL_SCRIPT, [toolName, contextJson], { > 241 | env: { 242 | ...process.env, 243 | OPENCLAW_PASSPORT_FILE: passportPath,
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.