@contextfort-ai/openclaw-secure 0.1.4 → 0.1.6

package/bin/openclaw-secure.js

@@ -37,6 +37,7 @@ if (args[0] === 'set-key') {
   fs.mkdirSync(CONFIG_DIR, { recursive: true });
   fs.writeFileSync(CONFIG_FILE, key + '\n', { mode: 0o600 });
   console.log('API key saved to ~/.contextfort/config');
+  console.log('\nNext step: run `openclaw-secure enable` to activate the guard.');
   process.exit(0);
 }
 

package/monitor/prompt_injection_guard/index.js

@@ -87,15 +87,22 @@ module.exports = function createPromptInjectionGuard({ httpsRequest, anthropicKe
     return scanPatterns.some(p => lower.includes(p.toLowerCase()));
   }
 
+  function getMatchedPattern(cmd) {
+    if (!cmd || typeof cmd !== 'string') return null;
+    const lower = cmd.toLowerCase();
+    return scanPatterns.find(p => lower.includes(p.toLowerCase())) || null;
+  }
+
   function scanOutput(command, stdout, stderr) {
     if (!shouldScanCommand(command)) return;
+    const matchedPattern = getMatchedPattern(command);
     const output = (stdout || '') + (stderr || '');
     if (output.length < 20) return; // too short to contain injection
 
     const scanId = `scan_${++scanCounter}`;
     if (pendingScans.size > 10) return; // don't pile up
     pendingScans.add(scanId);
-    track('output_scan_started', { scan_id: scanId });
+    track('output_scan_started', { scan_id: scanId, matched_pattern: matchedPattern });
 
     // Cap output to 50k chars
     const truncated = output.length > 50000 ? output.slice(0, 50000) + '\n[TRUNCATED]' : output;
@@ -150,7 +157,7 @@ Respond with ONLY a JSON object, no markdown, no explanation:
               // Strip markdown code fences if present
               text = text.replace(/^```(?:json)?\s*/i, '').replace(/\s*```$/i, '').trim();
               const parsed = JSON.parse(text);
-              track('output_scan_result', { scan_id: scanId, suspicious: !!parsed.suspicious });
+              track('output_scan_result', { scan_id: scanId, suspicious: !!parsed.suspicious, matched_pattern: matchedPattern });
               if (parsed.suspicious) {
                 flaggedOutput.set(scanId, {
                   suspicious: true,

package/monitor/skills_guard/index.js

@@ -83,6 +83,7 @@ module.exports = function createSkillsGuard({ readFileSync, httpsRequest, baseDi
 
   function readSkillFiles(skillPath) {
     const files = [];
+    const binaryFiles = [];
     const MAX_FILE_SIZE = 1 * 1024 * 1024; // 1MB
     const MAX_TOTAL_SIZE = 5 * 1024 * 1024; // 5MB
     let totalSize = 0;
@@ -91,7 +92,7 @@ module.exports = function createSkillsGuard({ readFileSync, httpsRequest, baseDi
       let entries;
       try { entries = fs.readdirSync(dirPath, { withFileTypes: true }); } catch { return; }
       for (const e of entries) {
-        if (e.name.startsWith('.')) continue; // skip hidden
+        if (e.name.startsWith('.') || e.name === 'node_modules') continue; // skip hidden and node_modules
         const full = path.join(dirPath, e.name);
         if (e.isDirectory()) {
           walk(full, path.join(base, e.name));
@@ -100,11 +101,14 @@ module.exports = function createSkillsGuard({ readFileSync, httpsRequest, baseDi
             const stat = fs.statSync(full);
             if (stat.size > MAX_FILE_SIZE || stat.size === 0) continue;
             if (totalSize + stat.size > MAX_TOTAL_SIZE) continue;
-            // Skip binaries: read first 512 bytes and check for null bytes
+            // Check for binaries: read first 512 bytes and check for null bytes
             const buf = Buffer.alloc(Math.min(512, stat.size));
             const fd = fs.openSync(full, 'r');
             try { fs.readSync(fd, buf, 0, buf.length, 0); } finally { fs.closeSync(fd); }
-            if (buf.includes(0)) continue; // binary file
+            if (buf.includes(0)) {
+              binaryFiles.push(path.join(base, e.name));
+              continue;
+            }
 
             const content = readFileSync(full, 'utf8');
             totalSize += stat.size;
@@ -114,7 +118,7 @@ module.exports = function createSkillsGuard({ readFileSync, httpsRequest, baseDi
       }
     }
     walk(skillPath, '');
-    return files;
+    return { files, binaryFiles };
   }
 
   function hashSkillFiles(files) {
@@ -218,15 +222,58 @@ module.exports = function createSkillsGuard({ readFileSync, httpsRequest, baseDi
     }
   }
 
+  function logSkillRemoved(skillPath, installId) {
+    track('skill_removed', { skill_name: path.basename(skillPath) });
+    const payload = JSON.stringify({
+      install_id: installId,
+      skill_path: skillPath,
+      skill_name: path.basename(skillPath),
+      files: [],
+      removed: true,
+    });
+
+    const url = new URL(SKILL_SCAN_API);
+    const headers = {
+      'Content-Type': 'application/json',
+      'Content-Length': Buffer.byteLength(payload),
+    };
+    if (apiKey) headers['Authorization'] = `Bearer ${apiKey}`;
+    try {
+      const req = httpsRequest({
+        hostname: url.hostname,
+        port: url.port || 443,
+        path: url.pathname,
+        method: 'POST',
+        headers,
+        timeout: 15000,
+      }, () => {});
+      req.on('error', () => {});
+      req.write(payload);
+      req.end();
+    } catch {}
+  }
+
   function scanSkillIfChanged(skillPath) {
-    const files = readSkillFiles(skillPath);
-    if (files.length === 0) {
+    const { files, binaryFiles } = readSkillFiles(skillPath);
+    if (files.length === 0 && binaryFiles.length === 0) {
       // Skill was deleted or is empty — remove from flagged
       flaggedSkills.delete(skillPath);
       skillContentHashes.delete(skillPath);
       saveScanCache();
       return;
     }
+
+    // Flag immediately if binary files found — legitimate skills should not contain binaries
+    if (binaryFiles.length > 0) {
+      flaggedSkills.set(skillPath, {
+        suspicious: true,
+        reason: `Skill contains binary files (${binaryFiles.join(', ')}). Legitimate skills should only contain text files. Please delete these binary files or remove this skill.`,
+      });
+      track('skill_binary_detected', { skill_name: path.basename(skillPath), binary_count: binaryFiles.length });
+      saveScanCache();
+      return;
+    }
+
     const hash = hashSkillFiles(files);
     if (skillContentHashes.get(skillPath) === hash) return; // unchanged
 
@@ -245,9 +292,20 @@ module.exports = function createSkillsGuard({ readFileSync, httpsRequest, baseDi
           debounceTimers.delete(skillDir);
           // Re-discover skills and scan changed ones
           const skills = collectSkillEntries(dir);
+          const currentPaths = new Set(skills.map(s => s.skillPath));
           for (const { skillPath } of skills) {
             scanSkillIfChanged(skillPath);
           }
+          // Detect deleted skills: any known skill in this dir that no longer exists
+          for (const knownPath of skillContentHashes.keys()) {
+            if (knownPath.startsWith(dir) && !currentPaths.has(knownPath)) {
+              flaggedSkills.delete(knownPath);
+              skillContentHashes.delete(knownPath);
+              const installId = getInstallId();
+              logSkillRemoved(knownPath, installId);
+              saveScanCache();
+            }
+          }
         }, 500));
       });
       activeWatchers.push(watcher);

package/openclaw-secure.js

@@ -129,7 +129,7 @@ function shouldBlockCommand(cmd) {
   }
   const result = checkCommandWithMonitor(cmd);
   if (result?.blocked) {
-    analytics.track('command_blocked', { blocker: 'tirith' });
+    analytics.track('command_blocked', { blocker: 'tirith', reason: result.reason });
     return result;
   }
   return null;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@contextfort-ai/openclaw-secure",
-  "version": "0.1.4",
+  "version": "0.1.6",
   "description": "Runtime security guard for OpenClaw — blocks malicious commands before they execute",
   "bin": {
     "openclaw-secure": "./bin/openclaw-secure.js"