github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-08 03:41:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactor: rename to openclaw

Browse Source
This commit is contained in:
Peter Steinberger
2026-01-30 03:15:10 +01:00
parent 4583f88626
commit 9a7160786a
2357 changed files with 16688 additions and 16788 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
src/security/audit-extra.ts
View File

@@ -3,7 +3,7 @@ import path from "node:path";
import JSON5 from "json5";
import type { MoltbotConfig, ConfigFileSnapshot } from "../config/config.js";
import type { OpenClawConfig, ConfigFileSnapshot } from "../config/config.js";
import { createConfigIO } from "../config/config.js";
import { resolveNativeSkillsEnabled } from "../config/commands.js";
import { resolveOAuthDir } from "../config/paths.js";
@@ -48,7 +48,7 @@ function expandTilde(p: string, env: NodeJS.ProcessEnv): string | null {
return null;
}
function summarizeGroupPolicy(cfg: MoltbotConfig): {
function summarizeGroupPolicy(cfg: OpenClawConfig): {
open: number;
allowlist: number;
other: number;
@@ -69,7 +69,7 @@ function summarizeGroupPolicy(cfg: MoltbotConfig): {
return { open, allowlist, other };
}
export function collectAttackSurfaceSummaryFindings(cfg: MoltbotConfig): SecurityAuditFinding[] {
export function collectAttackSurfaceSummaryFindings(cfg: OpenClawConfig): SecurityAuditFinding[] {
const group = summarizeGroupPolicy(cfg);
const elevated = cfg.tools?.elevated?.enabled !== false;
const hooksEnabled = cfg.hooks?.enabled === true;
@@ -116,7 +116,7 @@ export function collectSyncedFolderFindings(params: {
severity: "warn",
title: "State/config path looks like a synced folder",
detail: `stateDir=${params.stateDir}, configPath=${params.configPath}. Synced folders (iCloud/Dropbox/OneDrive/Google Drive) can leak tokens and transcripts onto other devices.`,
remediation: `Keep CLAWDBOT_STATE_DIR on a local-only volume and re-run "${formatCliCommand("moltbot security audit --fix")}".`,
remediation: `Keep OPENCLAW_STATE_DIR on a local-only volume and re-run "${formatCliCommand("openclaw security audit --fix")}".`,
});
}
return findings;
@@ -127,7 +127,7 @@ function looksLikeEnvRef(value: string): boolean {
return v.startsWith("${") && v.endsWith("}");
}
export function collectSecretsInConfigFindings(cfg: MoltbotConfig): SecurityAuditFinding[] {
export function collectSecretsInConfigFindings(cfg: OpenClawConfig): SecurityAuditFinding[] {
const findings: SecurityAuditFinding[] = [];
const password =
typeof cfg.gateway?.auth?.password === "string" ? cfg.gateway.auth.password.trim() : "";
@@ -139,7 +139,7 @@ export function collectSecretsInConfigFindings(cfg: MoltbotConfig): SecurityAudi
detail:
"gateway.auth.password is set in the config file; prefer environment variables for secrets when possible.",
remediation:
"Prefer CLAWDBOT_GATEWAY_PASSWORD (env) and remove gateway.auth.password from disk.",
"Prefer OPENCLAW_GATEWAY_PASSWORD (env) and remove gateway.auth.password from disk.",
});
}
@@ -157,7 +157,7 @@ export function collectSecretsInConfigFindings(cfg: MoltbotConfig): SecurityAudi
return findings;
}
export function collectHooksHardeningFindings(cfg: MoltbotConfig): SecurityAuditFinding[] {
export function collectHooksHardeningFindings(cfg: OpenClawConfig): SecurityAuditFinding[] {
const findings: SecurityAuditFinding[] = [];
if (cfg.hooks?.enabled !== true) return findings;
@@ -215,7 +215,7 @@ function addModel(models: ModelRef[], raw: unknown, source: string) {
models.push({ id, source });
}
function collectModels(cfg: MoltbotConfig): ModelRef[] {
function collectModels(cfg: OpenClawConfig): ModelRef[] {
const out: ModelRef[] = [];
addModel(out, cfg.agents?.defaults?.model?.primary, "agents.defaults.model.primary");
for (const f of cfg.agents?.defaults?.model?.fallbacks ?? [])
@@ -286,7 +286,7 @@ function isClaude45OrHigher(id: string): boolean {
return /\bclaude-[^\s/]*?(?:-4-?5\b|4\.5\b)/i.test(id);
}
export function collectModelHygieneFindings(cfg: MoltbotConfig): SecurityAuditFinding[] {
export function collectModelHygieneFindings(cfg: OpenClawConfig): SecurityAuditFinding[] {
const findings: SecurityAuditFinding[] = [];
const models = collectModels(cfg);
if (models.length === 0) return findings;
@@ -381,7 +381,7 @@ function pickToolPolicy(config?: { allow?: string[]; deny?: string[] }): Sandbox
}
function resolveToolPolicies(params: {
cfg: MoltbotConfig;
cfg: OpenClawConfig;
agentTools?: AgentToolsConfig;
sandboxMode?: "off" | "non-main" | "all";
agentId?: string | null;
@@ -405,7 +405,7 @@ function resolveToolPolicies(params: {
return policies;
}
function hasWebSearchKey(cfg: MoltbotConfig, env: NodeJS.ProcessEnv): boolean {
function hasWebSearchKey(cfg: OpenClawConfig, env: NodeJS.ProcessEnv): boolean {
const search = cfg.tools?.web?.search;
return Boolean(
search?.apiKey ||
@@ -416,20 +416,20 @@ function hasWebSearchKey(cfg: MoltbotConfig, env: NodeJS.ProcessEnv): boolean {
);
}
function isWebSearchEnabled(cfg: MoltbotConfig, env: NodeJS.ProcessEnv): boolean {
function isWebSearchEnabled(cfg: OpenClawConfig, env: NodeJS.ProcessEnv): boolean {
const enabled = cfg.tools?.web?.search?.enabled;
if (enabled === false) return false;
if (enabled === true) return true;
return hasWebSearchKey(cfg, env);
}
function isWebFetchEnabled(cfg: MoltbotConfig): boolean {
function isWebFetchEnabled(cfg: OpenClawConfig): boolean {
const enabled = cfg.tools?.web?.fetch?.enabled;
if (enabled === false) return false;
return true;
}
function isBrowserEnabled(cfg: MoltbotConfig): boolean {
function isBrowserEnabled(cfg: OpenClawConfig): boolean {
try {
return resolveBrowserConfig(cfg.browser, cfg).enabled;
} catch {
@@ -438,7 +438,7 @@ function isBrowserEnabled(cfg: MoltbotConfig): boolean {
}
export function collectSmallModelRiskFindings(params: {
cfg: MoltbotConfig;
cfg: OpenClawConfig;
env: NodeJS.ProcessEnv;
}): SecurityAuditFinding[] {
const findings: SecurityAuditFinding[] = [];
@@ -517,7 +517,7 @@ export function collectSmallModelRiskFindings(params: {
}
export async function collectPluginsTrustFindings(params: {
cfg: MoltbotConfig;
cfg: OpenClawConfig;
stateDir: string;
}): Promise<SecurityAuditFinding[]> {
const findings: SecurityAuditFinding[] = [];
@@ -750,7 +750,7 @@ export async function collectIncludeFilePermFindings(params: {
}
export async function collectStateDeepFilesystemFindings(params: {
cfg: MoltbotConfig;
cfg: OpenClawConfig;
env: NodeJS.ProcessEnv;
stateDir: string;
platform?: NodeJS.Platform;
@@ -905,7 +905,7 @@ export async function collectStateDeepFilesystemFindings(params: {
return findings;
}
function listGroupPolicyOpen(cfg: MoltbotConfig): string[] {
function listGroupPolicyOpen(cfg: OpenClawConfig): string[] {
const out: string[] = [];
const channels = cfg.channels as Record<string, unknown> | undefined;
if (!channels || typeof channels !== "object") return out;
@@ -926,7 +926,7 @@ function listGroupPolicyOpen(cfg: MoltbotConfig): string[] {
return out;
}
export function collectExposureMatrixFindings(cfg: MoltbotConfig): SecurityAuditFinding[] {
export function collectExposureMatrixFindings(cfg: OpenClawConfig): SecurityAuditFinding[] {
const findings: SecurityAuditFinding[] = [];
const openGroups = listGroupPolicyOpen(cfg);
if (openGroups.length === 0) return findings;

192
src/security/audit.test.ts
View File

@@ -1,6 +1,6 @@
import { afterEach, beforeEach, describe, expect, it } from "vitest";
import type { MoltbotConfig } from "../config/config.js";
import type { OpenClawConfig } from "../config/config.js";
import type { ChannelPlugin } from "../channels/plugins/types.js";
import { runSecurityAudit } from "./audit.js";
import { discordPlugin } from "../../extensions/discord/src/channel.js";
@@ -14,7 +14,7 @@ const isWindows = process.platform === "win32";
describe("security audit", () => {
it("includes an attack surface summary (info)", async () => {
const cfg: MoltbotConfig = {
const cfg: OpenClawConfig = {
channels: { whatsapp: { groupPolicy: "open" }, telegram: { groupPolicy: "allowlist" } },
tools: { elevated: { enabled: true, allowFrom: { whatsapp: ["+1"] } } },
hooks: { enabled: true },
@@ -35,7 +35,7 @@ describe("security audit", () => {
});
it("flags non-loopback bind without auth as critical", async () => {
const cfg: MoltbotConfig = {
const cfg: OpenClawConfig = {
gateway: {
bind: "lan",
auth: {},
@@ -55,7 +55,7 @@ describe("security audit", () => {
});
it("warns when loopback control UI lacks trusted proxies", async () => {
const cfg: MoltbotConfig = {
const cfg: OpenClawConfig = {
gateway: {
bind: "loopback",
controlUi: { enabled: true },
@@ -79,7 +79,7 @@ describe("security audit", () => {
});
it("flags loopback control UI without auth as critical", async () => {
const cfg: MoltbotConfig = {
const cfg: OpenClawConfig = {
gateway: {
bind: "loopback",
controlUi: { enabled: true },
@@ -105,7 +105,7 @@ describe("security audit", () => {
});
it("flags logging.redactSensitive=off", async () => {
const cfg: MoltbotConfig = {
const cfg: OpenClawConfig = {
logging: { redactSensitive: "off" },
};
@@ -123,10 +123,10 @@ describe("security audit", () => {
});
it("treats Windows ACL-only perms as secure", async () => {
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "moltbot-security-audit-win-"));
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-security-audit-win-"));
const stateDir = path.join(tmp, "state");
await fs.mkdir(stateDir, { recursive: true });
const configPath = path.join(stateDir, "moltbot.json");
const configPath = path.join(stateDir, "openclaw.json");
await fs.writeFile(configPath, "{}\n", "utf-8");
const user = "DESKTOP-TEST\\Tester";
@@ -160,10 +160,10 @@ describe("security audit", () => {
});
it("flags Windows ACLs when Users can read the state dir", async () => {
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "moltbot-security-audit-win-open-"));
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-security-audit-win-open-"));
const stateDir = path.join(tmp, "state");
await fs.mkdir(stateDir, { recursive: true });
const configPath = path.join(stateDir, "moltbot.json");
const configPath = path.join(stateDir, "openclaw.json");
await fs.writeFile(configPath, "{}\n", "utf-8");
const user = "DESKTOP-TEST\\Tester";
@@ -200,7 +200,7 @@ describe("security audit", () => {
});
it("warns when small models are paired with web/browser tools", async () => {
const cfg: MoltbotConfig = {
const cfg: OpenClawConfig = {
agents: { defaults: { model: { primary: "ollama/mistral-8b" } } },
tools: {
web: {
@@ -226,7 +226,7 @@ describe("security audit", () => {
});
it("treats small models as safe when sandbox is on and web tools are disabled", async () => {
const cfg: MoltbotConfig = {
const cfg: OpenClawConfig = {
agents: { defaults: { model: { primary: "ollama/mistral-8b" }, sandbox: { mode: "all" } } },
tools: {
web: {
@@ -250,7 +250,7 @@ describe("security audit", () => {
});
it("flags tools.elevated allowFrom wildcard as critical", async () => {
const cfg: MoltbotConfig = {
const cfg: OpenClawConfig = {
tools: {
elevated: {
allowFrom: { whatsapp: ["*"] },
@@ -275,7 +275,7 @@ describe("security audit", () => {
});
it("warns when remote CDP uses HTTP", async () => {
const cfg: MoltbotConfig = {
const cfg: OpenClawConfig = {
browser: {
profiles: {
remote: { cdpUrl: "http://example.com:9222", color: "#0066CC" },
@@ -297,7 +297,7 @@ describe("security audit", () => {
});
it("warns when control UI allows insecure auth", async () => {
const cfg: MoltbotConfig = {
const cfg: OpenClawConfig = {
gateway: {
controlUi: { allowInsecureAuth: true },
},
@@ -320,7 +320,7 @@ describe("security audit", () => {
});
it("warns when control UI device auth is disabled", async () => {
const cfg: MoltbotConfig = {
const cfg: OpenClawConfig = {
gateway: {
controlUi: { dangerouslyDisableDeviceAuth: true },
},
@@ -343,7 +343,7 @@ describe("security audit", () => {
});
it("warns when multiple DM senders share the main session", async () => {
const cfg: MoltbotConfig = { session: { dmScope: "main" } };
const cfg: OpenClawConfig = { session: { dmScope: "main" } };
const plugins: ChannelPlugin[] = [
{
id: "whatsapp",
@@ -391,12 +391,12 @@ describe("security audit", () => {
});
it("flags Discord native commands without a guild user allowlist", async () => {
const prevStateDir = process.env.CLAWDBOT_STATE_DIR;
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "moltbot-security-audit-discord-"));
process.env.CLAWDBOT_STATE_DIR = tmp;
const prevStateDir = process.env.OPENCLAW_STATE_DIR;
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-security-audit-discord-"));
process.env.OPENCLAW_STATE_DIR = tmp;
await fs.mkdir(path.join(tmp, "credentials"), { recursive: true, mode: 0o700 });
try {
const cfg: MoltbotConfig = {
const cfg: OpenClawConfig = {
channels: {
discord: {
enabled: true,
@@ -429,20 +429,20 @@ describe("security audit", () => {
]),
);
} finally {
if (prevStateDir == null) delete process.env.CLAWDBOT_STATE_DIR;
else process.env.CLAWDBOT_STATE_DIR = prevStateDir;
if (prevStateDir == null) delete process.env.OPENCLAW_STATE_DIR;
else process.env.OPENCLAW_STATE_DIR = prevStateDir;
}
});
it("does not flag Discord slash commands when dm.allowFrom includes a Discord snowflake id", async () => {
const prevStateDir = process.env.CLAWDBOT_STATE_DIR;
const prevStateDir = process.env.OPENCLAW_STATE_DIR;
const tmp = await fs.mkdtemp(
path.join(os.tmpdir(), "moltbot-security-audit-discord-allowfrom-snowflake-"),
path.join(os.tmpdir(), "openclaw-security-audit-discord-allowfrom-snowflake-"),
);
process.env.CLAWDBOT_STATE_DIR = tmp;
process.env.OPENCLAW_STATE_DIR = tmp;
await fs.mkdir(path.join(tmp, "credentials"), { recursive: true, mode: 0o700 });
try {
const cfg: MoltbotConfig = {
const cfg: OpenClawConfig = {
channels: {
discord: {
enabled: true,
@@ -475,18 +475,18 @@ describe("security audit", () => {
]),
);
} finally {
if (prevStateDir == null) delete process.env.CLAWDBOT_STATE_DIR;
else process.env.CLAWDBOT_STATE_DIR = prevStateDir;
if (prevStateDir == null) delete process.env.OPENCLAW_STATE_DIR;
else process.env.OPENCLAW_STATE_DIR = prevStateDir;
}
});
it("flags Discord slash commands when access-group enforcement is disabled and no users allowlist exists", async () => {
const prevStateDir = process.env.CLAWDBOT_STATE_DIR;
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "moltbot-security-audit-discord-open-"));
process.env.CLAWDBOT_STATE_DIR = tmp;
const prevStateDir = process.env.OPENCLAW_STATE_DIR;
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-security-audit-discord-open-"));
process.env.OPENCLAW_STATE_DIR = tmp;
await fs.mkdir(path.join(tmp, "credentials"), { recursive: true, mode: 0o700 });
try {
const cfg: MoltbotConfig = {
const cfg: OpenClawConfig = {
commands: { useAccessGroups: false },
channels: {
discord: {
@@ -520,18 +520,18 @@ describe("security audit", () => {
]),
);
} finally {
if (prevStateDir == null) delete process.env.CLAWDBOT_STATE_DIR;
else process.env.CLAWDBOT_STATE_DIR = prevStateDir;
if (prevStateDir == null) delete process.env.OPENCLAW_STATE_DIR;
else process.env.OPENCLAW_STATE_DIR = prevStateDir;
}
});
it("flags Slack slash commands without a channel users allowlist", async () => {
const prevStateDir = process.env.CLAWDBOT_STATE_DIR;
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "moltbot-security-audit-slack-"));
process.env.CLAWDBOT_STATE_DIR = tmp;
const prevStateDir = process.env.OPENCLAW_STATE_DIR;
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-security-audit-slack-"));
process.env.OPENCLAW_STATE_DIR = tmp;
await fs.mkdir(path.join(tmp, "credentials"), { recursive: true, mode: 0o700 });
try {
const cfg: MoltbotConfig = {
const cfg: OpenClawConfig = {
channels: {
slack: {
enabled: true,
@@ -559,18 +559,18 @@ describe("security audit", () => {
]),
);
} finally {
if (prevStateDir == null) delete process.env.CLAWDBOT_STATE_DIR;
else process.env.CLAWDBOT_STATE_DIR = prevStateDir;
if (prevStateDir == null) delete process.env.OPENCLAW_STATE_DIR;
else process.env.OPENCLAW_STATE_DIR = prevStateDir;
}
});
it("flags Slack slash commands when access-group enforcement is disabled", async () => {
const prevStateDir = process.env.CLAWDBOT_STATE_DIR;
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "moltbot-security-audit-slack-open-"));
process.env.CLAWDBOT_STATE_DIR = tmp;
const prevStateDir = process.env.OPENCLAW_STATE_DIR;
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-security-audit-slack-open-"));
process.env.OPENCLAW_STATE_DIR = tmp;
await fs.mkdir(path.join(tmp, "credentials"), { recursive: true, mode: 0o700 });
try {
const cfg: MoltbotConfig = {
const cfg: OpenClawConfig = {
commands: { useAccessGroups: false },
channels: {
slack: {
@@ -599,18 +599,18 @@ describe("security audit", () => {
]),
);
} finally {
if (prevStateDir == null) delete process.env.CLAWDBOT_STATE_DIR;
else process.env.CLAWDBOT_STATE_DIR = prevStateDir;
if (prevStateDir == null) delete process.env.OPENCLAW_STATE_DIR;
else process.env.OPENCLAW_STATE_DIR = prevStateDir;
}
});
it("flags Telegram group commands without a sender allowlist", async () => {
const prevStateDir = process.env.CLAWDBOT_STATE_DIR;
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "moltbot-security-audit-telegram-"));
process.env.CLAWDBOT_STATE_DIR = tmp;
const prevStateDir = process.env.OPENCLAW_STATE_DIR;
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-security-audit-telegram-"));
process.env.OPENCLAW_STATE_DIR = tmp;
await fs.mkdir(path.join(tmp, "credentials"), { recursive: true, mode: 0o700 });
try {
const cfg: MoltbotConfig = {
const cfg: OpenClawConfig = {
channels: {
telegram: {
enabled: true,
@@ -637,13 +637,13 @@ describe("security audit", () => {
]),
);
} finally {
if (prevStateDir == null) delete process.env.CLAWDBOT_STATE_DIR;
else process.env.CLAWDBOT_STATE_DIR = prevStateDir;
if (prevStateDir == null) delete process.env.OPENCLAW_STATE_DIR;
else process.env.OPENCLAW_STATE_DIR = prevStateDir;
}
});
it("adds a warning when deep probe fails", async () => {
const cfg: MoltbotConfig = { gateway: { mode: "local" } };
const cfg: OpenClawConfig = { gateway: { mode: "local" } };
const res = await runSecurityAudit({
config: cfg,
@@ -672,7 +672,7 @@ describe("security audit", () => {
});
it("adds a warning when deep probe throws", async () => {
const cfg: MoltbotConfig = { gateway: { mode: "local" } };
const cfg: OpenClawConfig = { gateway: { mode: "local" } };
const res = await runSecurityAudit({
config: cfg,
@@ -695,7 +695,7 @@ describe("security audit", () => {
});
it("warns on legacy model configuration", async () => {
const cfg: MoltbotConfig = {
const cfg: OpenClawConfig = {
agents: { defaults: { model: { primary: "openai/gpt-3.5-turbo" } } },
};
@@ -713,7 +713,7 @@ describe("security audit", () => {
});
it("warns on weak model tiers", async () => {
const cfg: MoltbotConfig = {
const cfg: OpenClawConfig = {
agents: { defaults: { model: { primary: "anthropic/claude-haiku-4-5" } } },
};
@@ -732,7 +732,7 @@ describe("security audit", () => {
it("does not warn on Venice-style opus-45 model names", async () => {
// Venice uses "claude-opus-45" format (no dash between 4 and 5)
const cfg: ClawdbotConfig = {
const cfg: OpenClawConfig = {
agents: { defaults: { model: { primary: "venice/claude-opus-45" } } },
};
@@ -748,7 +748,7 @@ describe("security audit", () => {
});
it("warns when hooks token looks short", async () => {
const cfg: MoltbotConfig = {
const cfg: OpenClawConfig = {
hooks: { enabled: true, token: "short" },
};
@@ -766,9 +766,9 @@ describe("security audit", () => {
});
it("warns when hooks token reuses the gateway env token", async () => {
const prevToken = process.env.CLAWDBOT_GATEWAY_TOKEN;
process.env.CLAWDBOT_GATEWAY_TOKEN = "shared-gateway-token-1234567890";
const cfg: MoltbotConfig = {
const prevToken = process.env.OPENCLAW_GATEWAY_TOKEN;
process.env.OPENCLAW_GATEWAY_TOKEN = "shared-gateway-token-1234567890";
const cfg: OpenClawConfig = {
hooks: { enabled: true, token: "shared-gateway-token-1234567890" },
};
@@ -785,20 +785,20 @@ describe("security audit", () => {
]),
);
} finally {
if (prevToken === undefined) delete process.env.CLAWDBOT_GATEWAY_TOKEN;
else process.env.CLAWDBOT_GATEWAY_TOKEN = prevToken;
if (prevToken === undefined) delete process.env.OPENCLAW_GATEWAY_TOKEN;
else process.env.OPENCLAW_GATEWAY_TOKEN = prevToken;
}
});
it("warns when state/config look like a synced folder", async () => {
const cfg: MoltbotConfig = {};
const cfg: OpenClawConfig = {};
const res = await runSecurityAudit({
config: cfg,
includeFilesystem: false,
includeChannelSecurity: false,
stateDir: "/Users/test/Dropbox/.clawdbot",
configPath: "/Users/test/Dropbox/.clawdbot/moltbot.json",
stateDir: "/Users/test/Dropbox/.openclaw",
configPath: "/Users/test/Dropbox/.openclaw/openclaw.json",
});
expect(res.findings).toEqual(
@@ -809,7 +809,7 @@ describe("security audit", () => {
});
it("flags group/world-readable config include files", async () => {
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "moltbot-security-audit-"));
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-security-audit-"));
const stateDir = path.join(tmp, "state");
await fs.mkdir(stateDir, { recursive: true, mode: 0o700 });
@@ -823,12 +823,12 @@ describe("security audit", () => {
await fs.chmod(includePath, 0o644);
}
const configPath = path.join(stateDir, "moltbot.json");
const configPath = path.join(stateDir, "openclaw.json");
await fs.writeFile(configPath, `{ "$include": "./extra.json5" }\n`, "utf-8");
await fs.chmod(configPath, 0o600);
try {
const cfg: MoltbotConfig = { logging: { redactSensitive: "off" } };
const cfg: OpenClawConfig = { logging: { redactSensitive: "off" } };
const user = "DESKTOP-TEST\\Tester";
const execIcacls = isWindows
? async (_cmd: string, args: string[]) => {
@@ -882,7 +882,7 @@ describe("security audit", () => {
delete process.env.TELEGRAM_BOT_TOKEN;
delete process.env.SLACK_BOT_TOKEN;
delete process.env.SLACK_APP_TOKEN;
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "moltbot-security-audit-"));
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-security-audit-"));
const stateDir = path.join(tmp, "state");
await fs.mkdir(path.join(stateDir, "extensions", "some-plugin"), {
recursive: true,
@@ -890,13 +890,13 @@ describe("security audit", () => {
});
try {
const cfg: MoltbotConfig = {};
const cfg: OpenClawConfig = {};
const res = await runSecurityAudit({
config: cfg,
includeFilesystem: true,
includeChannelSecurity: false,
stateDir,
configPath: path.join(stateDir, "moltbot.json"),
configPath: path.join(stateDir, "openclaw.json"),
});
expect(res.findings).toEqual(
@@ -919,7 +919,7 @@ describe("security audit", () => {
it("flags unallowlisted extensions as critical when native skill commands are exposed", async () => {
const prevDiscordToken = process.env.DISCORD_BOT_TOKEN;
delete process.env.DISCORD_BOT_TOKEN;
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "moltbot-security-audit-"));
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-security-audit-"));
const stateDir = path.join(tmp, "state");
await fs.mkdir(path.join(stateDir, "extensions", "some-plugin"), {
recursive: true,
@@ -927,7 +927,7 @@ describe("security audit", () => {
});
try {
const cfg: MoltbotConfig = {
const cfg: OpenClawConfig = {
channels: {
discord: { enabled: true, token: "t" },
},
@@ -937,7 +937,7 @@ describe("security audit", () => {
includeFilesystem: true,
includeChannelSecurity: false,
stateDir,
configPath: path.join(stateDir, "moltbot.json"),
configPath: path.join(stateDir, "openclaw.json"),
});
expect(res.findings).toEqual(
@@ -955,7 +955,7 @@ describe("security audit", () => {
});
it("flags open groupPolicy when tools.elevated is enabled", async () => {
const cfg: MoltbotConfig = {
const cfg: OpenClawConfig = {
tools: { elevated: { enabled: true, allowFrom: { whatsapp: ["+1"] } } },
channels: { whatsapp: { groupPolicy: "open" } },
};
@@ -977,30 +977,30 @@ describe("security audit", () => {
});
describe("maybeProbeGateway auth selection", () => {
const originalEnvToken = process.env.CLAWDBOT_GATEWAY_TOKEN;
const originalEnvPassword = process.env.CLAWDBOT_GATEWAY_PASSWORD;
const originalEnvToken = process.env.OPENCLAW_GATEWAY_TOKEN;
const originalEnvPassword = process.env.OPENCLAW_GATEWAY_PASSWORD;
beforeEach(() => {
delete process.env.CLAWDBOT_GATEWAY_TOKEN;
delete process.env.CLAWDBOT_GATEWAY_PASSWORD;
delete process.env.OPENCLAW_GATEWAY_TOKEN;
delete process.env.OPENCLAW_GATEWAY_PASSWORD;
});
afterEach(() => {
if (originalEnvToken == null) {
delete process.env.CLAWDBOT_GATEWAY_TOKEN;
delete process.env.OPENCLAW_GATEWAY_TOKEN;
} else {
process.env.CLAWDBOT_GATEWAY_TOKEN = originalEnvToken;
process.env.OPENCLAW_GATEWAY_TOKEN = originalEnvToken;
}
if (originalEnvPassword == null) {
delete process.env.CLAWDBOT_GATEWAY_PASSWORD;
delete process.env.OPENCLAW_GATEWAY_PASSWORD;
} else {
process.env.CLAWDBOT_GATEWAY_PASSWORD = originalEnvPassword;
process.env.OPENCLAW_GATEWAY_PASSWORD = originalEnvPassword;
}
});
it("uses local auth when gateway.mode is local", async () => {
let capturedAuth: { token?: string; password?: string } | undefined;
const cfg: MoltbotConfig = {
const cfg: OpenClawConfig = {
gateway: {
mode: "local",
auth: { token: "local-token-abc123" },
@@ -1033,9 +1033,9 @@ describe("security audit", () => {
});
it("prefers env token over local config token", async () => {
process.env.CLAWDBOT_GATEWAY_TOKEN = "env-token";
process.env.OPENCLAW_GATEWAY_TOKEN = "env-token";
let capturedAuth: { token?: string; password?: string } | undefined;
const cfg: MoltbotConfig = {
const cfg: OpenClawConfig = {
gateway: {
mode: "local",
auth: { token: "local-token" },
@@ -1069,7 +1069,7 @@ describe("security audit", () => {
it("uses local auth when gateway.mode is undefined (default)", async () => {
let capturedAuth: { token?: string; password?: string } | undefined;
const cfg: MoltbotConfig = {
const cfg: OpenClawConfig = {
gateway: {
auth: { token: "default-local-token" },
},
@@ -1102,7 +1102,7 @@ describe("security audit", () => {
it("uses remote auth when gateway.mode is remote with URL", async () => {
let capturedAuth: { token?: string; password?: string } | undefined;
const cfg: MoltbotConfig = {
const cfg: OpenClawConfig = {
gateway: {
mode: "remote",
auth: { token: "local-token-should-not-use" },
@@ -1139,9 +1139,9 @@ describe("security audit", () => {
});
it("ignores env token when gateway.mode is remote", async () => {
process.env.CLAWDBOT_GATEWAY_TOKEN = "env-token";
process.env.OPENCLAW_GATEWAY_TOKEN = "env-token";
let capturedAuth: { token?: string; password?: string } | undefined;
const cfg: MoltbotConfig = {
const cfg: OpenClawConfig = {
gateway: {
mode: "remote",
auth: { token: "local-token-should-not-use" },
@@ -1179,7 +1179,7 @@ describe("security audit", () => {
it("uses remote password when env is unset", async () => {
let capturedAuth: { token?: string; password?: string } | undefined;
const cfg: MoltbotConfig = {
const cfg: OpenClawConfig = {
gateway: {
mode: "remote",
remote: {
@@ -1215,9 +1215,9 @@ describe("security audit", () => {
});
it("prefers env password over remote password", async () => {
process.env.CLAWDBOT_GATEWAY_PASSWORD = "env-pass";
process.env.OPENCLAW_GATEWAY_PASSWORD = "env-pass";
let capturedAuth: { token?: string; password?: string } | undefined;
const cfg: MoltbotConfig = {
const cfg: OpenClawConfig = {
gateway: {
mode: "remote",
remote: {
@@ -1254,7 +1254,7 @@ describe("security audit", () => {
it("falls back to local auth when gateway.mode is remote but URL is missing", async () => {
let capturedAuth: { token?: string; password?: string } | undefined;
const cfg: MoltbotConfig = {
const cfg: OpenClawConfig = {
gateway: {
mode: "remote",
auth: { token: "fallback-local-token" },

28
src/security/audit.ts
View File

@@ -1,7 +1,7 @@
import { listChannelPlugins } from "../channels/plugins/index.js";
import { resolveChannelDefaultAccountId } from "../channels/plugins/helpers.js";
import type { ChannelId } from "../channels/plugins/types.js";
import type { MoltbotConfig } from "../config/config.js";
import type { OpenClawConfig } from "../config/config.js";
import { resolveBrowserConfig, resolveProfile } from "../browser/config.js";
import { resolveConfigPath, resolveStateDir } from "../config/paths.js";
import { resolveGatewayAuth } from "../gateway/auth.js";
@@ -62,7 +62,7 @@ export type SecurityAuditReport = {
};
export type SecurityAuditOptions = {
config: MoltbotConfig;
config: OpenClawConfig;
env?: NodeJS.ProcessEnv;
platform?: NodeJS.Platform;
deep?: boolean;
@@ -145,7 +145,7 @@ async function collectFilesystemFindings(params: {
checkId: "fs.state_dir.perms_world_writable",
severity: "critical",
title: "State dir is world-writable",
detail: `${formatPermissionDetail(params.stateDir, stateDirPerms)}; other users can write into your Moltbot state.`,
detail: `${formatPermissionDetail(params.stateDir, stateDirPerms)}; other users can write into your OpenClaw state.`,
remediation: formatPermissionRemediation({
targetPath: params.stateDir,
perms: stateDirPerms,
@@ -159,7 +159,7 @@ async function collectFilesystemFindings(params: {
checkId: "fs.state_dir.perms_group_writable",
severity: "warn",
title: "State dir is group-writable",
detail: `${formatPermissionDetail(params.stateDir, stateDirPerms)}; group users can write into your Moltbot state.`,
detail: `${formatPermissionDetail(params.stateDir, stateDirPerms)}; group users can write into your OpenClaw state.`,
remediation: formatPermissionRemediation({
targetPath: params.stateDir,
perms: stateDirPerms,
@@ -248,7 +248,7 @@ async function collectFilesystemFindings(params: {
}
function collectGatewayConfigFindings(
cfg: MoltbotConfig,
cfg: OpenClawConfig,
env: NodeJS.ProcessEnv,
): SecurityAuditFinding[] {
const findings: SecurityAuditFinding[] = [];
@@ -356,7 +356,7 @@ function collectGatewayConfigFindings(
return findings;
}
function collectBrowserControlFindings(cfg: MoltbotConfig): SecurityAuditFinding[] {
function collectBrowserControlFindings(cfg: OpenClawConfig): SecurityAuditFinding[] {
const findings: SecurityAuditFinding[] = [];
let resolved: ReturnType<typeof resolveBrowserConfig>;
@@ -368,7 +368,7 @@ function collectBrowserControlFindings(cfg: MoltbotConfig): SecurityAuditFinding
severity: "warn",
title: "Browser control config looks invalid",
detail: String(err),
remediation: `Fix browser.cdpUrl in ${resolveConfigPath()} and re-run "${formatCliCommand("moltbot security audit --deep")}".`,
remediation: `Fix browser.cdpUrl in ${resolveConfigPath()} and re-run "${formatCliCommand("openclaw security audit --deep")}".`,
});
return findings;
}
@@ -398,7 +398,7 @@ function collectBrowserControlFindings(cfg: MoltbotConfig): SecurityAuditFinding
return findings;
}
function collectLoggingFindings(cfg: MoltbotConfig): SecurityAuditFinding[] {
function collectLoggingFindings(cfg: OpenClawConfig): SecurityAuditFinding[] {
const redact = cfg.logging?.redactSensitive;
if (redact !== "off") return [];
return [
@@ -412,7 +412,7 @@ function collectLoggingFindings(cfg: MoltbotConfig): SecurityAuditFinding[] {
];
}
function collectElevatedFindings(cfg: MoltbotConfig): SecurityAuditFinding[] {
function collectElevatedFindings(cfg: OpenClawConfig): SecurityAuditFinding[] {
const findings: SecurityAuditFinding[] = [];
const enabled = cfg.tools?.elevated?.enabled;
const allowFrom = cfg.tools?.elevated?.allowFrom ?? {};
@@ -444,7 +444,7 @@ function collectElevatedFindings(cfg: MoltbotConfig): SecurityAuditFinding[] {
}
async function collectChannelSecurityFindings(params: {
cfg: MoltbotConfig;
cfg: OpenClawConfig;
plugins: ReturnType<typeof listChannelPlugins>;
}): Promise<SecurityAuditFinding[]> {
const findings: SecurityAuditFinding[] = [];
@@ -798,7 +798,7 @@ async function collectChannelSecurityFindings(params: {
}
async function maybeProbeGateway(params: {
cfg: MoltbotConfig;
cfg: OpenClawConfig;
timeoutMs: number;
probe: typeof probeGateway;
}): Promise<SecurityAuditReport["deep"]> {
@@ -818,10 +818,10 @@ async function maybeProbeGateway(params: {
? typeof remote?.token === "string" && remote.token.trim()
? remote.token.trim()
: undefined
: process.env.CLAWDBOT_GATEWAY_TOKEN?.trim() ||
: process.env.OPENCLAW_GATEWAY_TOKEN?.trim() ||
(typeof authToken === "string" && authToken.trim() ? authToken.trim() : undefined);
const password =
process.env.CLAWDBOT_GATEWAY_PASSWORD?.trim() ||
process.env.OPENCLAW_GATEWAY_PASSWORD?.trim() ||
(mode === "remote"
? typeof remote?.password === "string" && remote.password.trim()
? remote.password.trim()
@@ -924,7 +924,7 @@ export async function runSecurityAudit(opts: SecurityAuditOptions): Promise<Secu
severity: "warn",
title: "Gateway probe failed (deep)",
detail: deep.gateway.error ?? "gateway unreachable",
remediation: `Run "${formatCliCommand("moltbot status --all")}" to debug connectivity/auth, then re-run "${formatCliCommand("moltbot security audit --deep")}".`,
remediation: `Run "${formatCliCommand("openclaw status --all")}" to debug connectivity/auth, then re-run "${formatCliCommand("openclaw security audit --deep")}".`,
});
}

40
src/security/fix.test.ts
View File

@@ -18,12 +18,12 @@ const expectPerms = (actual: number, expected: number) => {
describe("security fix", () => {
it("tightens groupPolicy + filesystem perms", async () => {
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "moltbot-security-fix-"));
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-security-fix-"));
const stateDir = path.join(tmp, "state");
await fs.mkdir(stateDir, { recursive: true });
await fs.chmod(stateDir, 0o755);
const configPath = path.join(stateDir, "moltbot.json");
const configPath = path.join(stateDir, "openclaw.json");
await fs.writeFile(
configPath,
`${JSON.stringify(
@@ -54,8 +54,8 @@ describe("security fix", () => {
const env = {
...process.env,
CLAWDBOT_STATE_DIR: stateDir,
CLAWDBOT_CONFIG_PATH: "",
OPENCLAW_STATE_DIR: stateDir,
OPENCLAW_CONFIG_PATH: "",
};
const res = await fixSecurityFootguns({ env });
@@ -90,11 +90,11 @@ describe("security fix", () => {
});
it("applies allowlist per-account and seeds WhatsApp groupAllowFrom from store", async () => {
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "moltbot-security-fix-"));
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-security-fix-"));
const stateDir = path.join(tmp, "state");
await fs.mkdir(stateDir, { recursive: true });
const configPath = path.join(stateDir, "moltbot.json");
const configPath = path.join(stateDir, "openclaw.json");
await fs.writeFile(
configPath,
`${JSON.stringify(
@@ -123,8 +123,8 @@ describe("security fix", () => {
const env = {
...process.env,
CLAWDBOT_STATE_DIR: stateDir,
CLAWDBOT_CONFIG_PATH: "",
OPENCLAW_STATE_DIR: stateDir,
OPENCLAW_CONFIG_PATH: "",
};
const res = await fixSecurityFootguns({ env });
@@ -140,11 +140,11 @@ describe("security fix", () => {
});
it("does not seed WhatsApp groupAllowFrom if allowFrom is set", async () => {
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "moltbot-security-fix-"));
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-security-fix-"));
const stateDir = path.join(tmp, "state");
await fs.mkdir(stateDir, { recursive: true });
const configPath = path.join(stateDir, "moltbot.json");
const configPath = path.join(stateDir, "openclaw.json");
await fs.writeFile(
configPath,
`${JSON.stringify(
@@ -169,8 +169,8 @@ describe("security fix", () => {
const env = {
...process.env,
CLAWDBOT_STATE_DIR: stateDir,
CLAWDBOT_CONFIG_PATH: "",
OPENCLAW_STATE_DIR: stateDir,
OPENCLAW_CONFIG_PATH: "",
};
const res = await fixSecurityFootguns({ env });
@@ -183,19 +183,19 @@ describe("security fix", () => {
});
it("returns ok=false for invalid config but still tightens perms", async () => {
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "moltbot-security-fix-"));
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-security-fix-"));
const stateDir = path.join(tmp, "state");
await fs.mkdir(stateDir, { recursive: true });
await fs.chmod(stateDir, 0o755);
const configPath = path.join(stateDir, "moltbot.json");
const configPath = path.join(stateDir, "openclaw.json");
await fs.writeFile(configPath, "{ this is not json }\n", "utf-8");
await fs.chmod(configPath, 0o644);
const env = {
...process.env,
CLAWDBOT_STATE_DIR: stateDir,
CLAWDBOT_CONFIG_PATH: "",
OPENCLAW_STATE_DIR: stateDir,
OPENCLAW_CONFIG_PATH: "",
};
const res = await fixSecurityFootguns({ env });
@@ -209,7 +209,7 @@ describe("security fix", () => {
});
it("tightens perms for credentials + agent auth/sessions + include files", async () => {
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "moltbot-security-fix-"));
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-security-fix-"));
const stateDir = path.join(tmp, "state");
await fs.mkdir(stateDir, { recursive: true });
@@ -219,7 +219,7 @@ describe("security fix", () => {
await fs.writeFile(includePath, "{ logging: { redactSensitive: 'off' } }\n", "utf-8");
await fs.chmod(includePath, 0o644);
const configPath = path.join(stateDir, "moltbot.json");
const configPath = path.join(stateDir, "openclaw.json");
await fs.writeFile(
configPath,
`{ "$include": "./includes/extra.json5", channels: { whatsapp: { groupPolicy: "open" } } }\n`,
@@ -251,8 +251,8 @@ describe("security fix", () => {
const env = {
...process.env,
CLAWDBOT_STATE_DIR: stateDir,
CLAWDBOT_CONFIG_PATH: "",
OPENCLAW_STATE_DIR: stateDir,
OPENCLAW_CONFIG_PATH: "",
};
const res = await fixSecurityFootguns({ env });

14
src/security/fix.ts
View File

@@ -3,7 +3,7 @@ import path from "node:path";
import JSON5 from "json5";
import type { MoltbotConfig } from "../config/config.js";
import type { OpenClawConfig } from "../config/config.js";
import { createConfigIO } from "../config/config.js";
import { resolveConfigPath, resolveOAuthDir, resolveStateDir } from "../config/paths.js";
import { resolveDefaultAgentId } from "../agents/agent-scope.js";
@@ -187,13 +187,13 @@ async function safeAclReset(params: {
}
function setGroupPolicyAllowlist(params: {
cfg: MoltbotConfig;
cfg: OpenClawConfig;
channel: string;
changes: string[];
policyFlips: Set<string>;
}): void {
if (!params.cfg.channels) return;
const section = params.cfg.channels[params.channel as keyof MoltbotConfig["channels"]] as
const section = params.cfg.channels[params.channel as keyof OpenClawConfig["channels"]] as
| Record<string, unknown>
| undefined;
if (!section || typeof section !== "object") return;
@@ -222,7 +222,7 @@ function setGroupPolicyAllowlist(params: {
}
function setWhatsAppGroupAllowFromFromStore(params: {
cfg: MoltbotConfig;
cfg: OpenClawConfig;
storeAllowFrom: string[];
changes: string[];
policyFlips: Set<string>;
@@ -252,8 +252,8 @@ function setWhatsAppGroupAllowFromFromStore(params: {
}
}
function applyConfigFixes(params: { cfg: MoltbotConfig; env: NodeJS.ProcessEnv }): {
cfg: MoltbotConfig;
function applyConfigFixes(params: { cfg: OpenClawConfig; env: NodeJS.ProcessEnv }): {
cfg: OpenClawConfig;
changes: string[];
policyFlips: Set<string>;
} {
@@ -349,7 +349,7 @@ async function collectIncludePathsRecursive(params: {
async function chmodCredentialsAndAgentState(params: {
env: NodeJS.ProcessEnv;
stateDir: string;
cfg: MoltbotConfig;
cfg: OpenClawConfig;
actions: SecurityFixAction[];
applyPerms: (params: {
path: string;