Agent-driven installs need a cooldown gate.
AI coding agent security is not only prompt injection and secrets. The boring, high-leverage guard is dependency age: an agent should not blindly install a package minutes after release.
Why 健人くん cares
OpenClaw/ひめの already treats external plugins and skills as executable supply chain. The same rule should apply to
pnpm add: make the harness check package age before the model gets to be helpful.The pattern
RiskZenn's AI-agent security note calls out credential exposure, prompt injection, dependency attacks, and vulnerable generated code as normal development risks.
Controlpnpm has
minimumReleaseAge; Dependabot has cooldown fields such as default-days and semver-specific delays.Harness moveWhen an agent proposes a new package, require package name, release age, source/maintainer check, and why existing deps are insufficient.
Steal this for OpenClaw
- Add a read-only scanner for workspaces with
package.jsonandpnpm-lock.yaml. - Report whether
minimumReleaseAgeor Dependabot cooldown exists. - Teach agent instructions: new runtime dependencies need a small dependency-intake note before install.
- Do not install new external CLIs/plugins as the fix. First make the local gate visible.