openclaw-map
Audited by Socket on Mar 6, 2026
1 alert found:
Obfuscated File

The workflow implements a useful automation but introduces a moderate supply-chain risk: it installs and executes an unpinned third-party npm package (openclaw@latest) on a scheduled public runner and posts the package's output verbatim to GitHub issues. Nothing in the workflow indicates malicious intent, but the combination of an unpinned install, a dynamic require, npx execution and direct publishing of package-derived content means a compromised or malicious package could run arbitrary code on the runner, exfiltrate data, or inject misleading content into the issues.

Recommended mitigations:
- Pin to a known-good package version, and/or commit a lockfile and install with npm ci so the resolved version cannot drift.
- Add integrity verification (checksums or signed artifacts) for the package contents actually installed.
- Avoid require-ing package modules that may execute top-level code; parse files (package.json, data files) without executing them where possible.
- Run the package in a sandboxed container or ephemeral VM rather than directly on the runner.
- Sanitize and limit package-derived content before posting it to GitHub.
- Scope runner permissions and tokens to least privilege.