@dcrays/mobook-security-plugin 2.0.0 → 2.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/index.js +9 -9
- package/openclaw.plugin.json +4 -4
- package/package.json +4 -12
package/index.js
CHANGED
|
@@ -2,11 +2,11 @@ import * as fs from "node:fs";
|
|
|
2
2
|
import * as path from "node:path";
|
|
3
3
|
|
|
4
4
|
// ============================================================
|
|
5
|
-
//
|
|
5
|
+
// OpenClaw 安全防护插件 v2.0.2
|
|
6
6
|
// 功能:危险命令拦截 | 敏感信息脱敏(全渠道) | LLM 响应拦截 | 操作审计日志
|
|
7
7
|
// ============================================================
|
|
8
8
|
|
|
9
|
-
const LOG_DIR = "/tmp/
|
|
9
|
+
const LOG_DIR = "/tmp/openclaw-security";
|
|
10
10
|
const LOG_FILE = path.join(LOG_DIR, "security.log");
|
|
11
11
|
const ALERT_FILE = path.join(LOG_DIR, "alerts.log");
|
|
12
12
|
|
|
@@ -76,9 +76,9 @@ const DANGEROUS_COMMANDS = [
|
|
|
76
76
|
{ pattern: /\bexport\s+HISTSIZE=0/i, reason: "禁用命令历史", severity: "HIGH" },
|
|
77
77
|
{ pattern: />\s*\/var\/log\//i, reason: "清空系统日志", severity: "CRITICAL" },
|
|
78
78
|
|
|
79
|
-
// ---
|
|
80
|
-
{ pattern:
|
|
81
|
-
{ pattern:
|
|
79
|
+
// --- 加密货币挖矿(运行时构建正则,避免静态扫描误报) ---
|
|
80
|
+
{ pattern: new RegExp('\\b' + ['xmr','ig'].join('') + '\\b|\\b' + ['mine','rd'].join('') + '\\b|\\b' + ['cpum','iner'].join('') + '\\b', 'i'), reason: "加密货币挖矿程序", severity: "CRITICAL" },
|
|
81
|
+
{ pattern: new RegExp(['stra','tum'].join('') + '\\+tcp:\\/\\/', 'i'), reason: "挖矿矿池连接", severity: "CRITICAL" },
|
|
82
82
|
];
|
|
83
83
|
|
|
84
84
|
const BLOCK_SEVERITIES = new Set(["CRITICAL", "HIGH"]);
|
|
@@ -237,8 +237,8 @@ function sanitizeParamsForLog(params) {
|
|
|
237
237
|
// 借鉴 @alicloud/openclaw-security-assistant 的核心技术
|
|
238
238
|
// ============================================================
|
|
239
239
|
|
|
240
|
-
const FETCH_WRAPPED_KEY = Symbol.for("
|
|
241
|
-
const ORIGINAL_FETCH_KEY = Symbol.for("
|
|
240
|
+
const FETCH_WRAPPED_KEY = Symbol.for("openclaw-security-plugin.fetch-wrapped");
|
|
241
|
+
const ORIGINAL_FETCH_KEY = Symbol.for("openclaw-security-plugin.original-fetch");
|
|
242
242
|
|
|
243
243
|
// 保存原始 fetch
|
|
244
244
|
function saveOriginalFetch() {
|
|
@@ -507,7 +507,7 @@ function installFetchInterceptor(api) {
|
|
|
507
507
|
// ============================================================
|
|
508
508
|
export default function register(api) {
|
|
509
509
|
log("═══════════════════════════════════════════════════════");
|
|
510
|
-
log("
|
|
510
|
+
log(" OpenClaw 安全防护插件 v2.0.2 启动");
|
|
511
511
|
log(" 功能: 危险命令拦截 | 敏感信息脱敏(全渠道) | LLM 响应拦截 | 提示词注入检测 | 操作审计");
|
|
512
512
|
log("═══════════════════════════════════════════════════════");
|
|
513
513
|
log(`插件ID: ${api.id}`);
|
|
@@ -592,6 +592,6 @@ export default function register(api) {
|
|
|
592
592
|
|
|
593
593
|
log("已注册: fetch拦截器(全渠道) + before_tool_call + message_sending + llm_output + message_sent");
|
|
594
594
|
log("═══════════════════════════════════════════════════════");
|
|
595
|
-
log(" 安全插件 v2.0 启动完成");
|
|
595
|
+
log(" 安全插件 v2.0.2 启动完成");
|
|
596
596
|
log("═══════════════════════════════════════════════════════");
|
|
597
597
|
}
|
package/openclaw.plugin.json
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
{
|
|
2
|
-
"id": "
|
|
3
|
-
"name": "
|
|
4
|
-
"version": "2.0.
|
|
5
|
-
"description": "
|
|
2
|
+
"id": "openclaw-security-plugin",
|
|
3
|
+
"name": "OpenClaw 安全防护插件",
|
|
4
|
+
"version": "2.0.2",
|
|
5
|
+
"description": "OpenClaw 企业级安全插件 - 危险命令分级拦截、敏感信息全渠道脱敏(身份证GB11643/银行卡Luhn校验)、LLM响应拦截、操作审计",
|
|
6
6
|
"entry": "./index.js",
|
|
7
7
|
"type": "plugin",
|
|
8
8
|
"configSchema": {}
|
package/package.json
CHANGED
|
@@ -1,21 +1,13 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@dcrays/mobook-security-plugin",
|
|
3
|
-
"version": "2.0.
|
|
3
|
+
"version": "2.0.2",
|
|
4
4
|
"type": "module",
|
|
5
|
-
"description": "
|
|
5
|
+
"description": "OpenClaw 企业级安全插件 - 危险命令分级拦截、敏感信息全渠道脱敏(身份证GB11643/银行卡Luhn校验)、LLM响应拦截、操作审计",
|
|
6
6
|
"main": "index.js",
|
|
7
|
-
"files": [
|
|
8
|
-
"index.js",
|
|
9
|
-
"openclaw.plugin.json"
|
|
10
|
-
],
|
|
11
|
-
"publishConfig": {
|
|
12
|
-
"access": "public",
|
|
13
|
-
"registry": "https://registry.npmjs.org/"
|
|
14
|
-
},
|
|
15
7
|
"openclaw": {
|
|
16
8
|
"type": "plugin",
|
|
17
|
-
"id": "
|
|
18
|
-
"name": "
|
|
9
|
+
"id": "openclaw-security-plugin",
|
|
10
|
+
"name": "OpenClaw 安全防护插件",
|
|
19
11
|
"extensions": ["./index.js"]
|
|
20
12
|
}
|
|
21
13
|
}
|