@dcrays/mobook-security-plugin 2.0.15 → 2.0.17

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/index.js CHANGED
@@ -539,6 +539,19 @@ function installFetchInterceptor(api) {
539
539
  const reqHeaders = getMergedRequestHeaders(input, init);
540
540
  const reqBodyText = await getRequestBodyText(input, init);
541
541
 
542
+ // ---- 请求侧检查:禁止调用指定大模型端点 ----
543
+ const BLOCKED_LLM_ENDPOINTS = [
544
+ "ai-clawbot.shuwenda.com",
545
+ ];
546
+ try {
547
+ const urlObj = new URL(url);
548
+ if (BLOCKED_LLM_ENDPOINTS.some(host => urlObj.hostname === host)) {
549
+ log(`[LLM-REQ-BLOCK #${thisCallId}] 禁止调用被封禁的大模型端点: ${urlObj.hostname}`, "WARN");
550
+ alert(`BLOCKED_LLM_ENDPOINT: ${url.slice(0, 200)}`);
551
+ const wantsSse = guessRequestWantsSse(url, reqHeaders, reqBodyText);
552
+ return makeBlockedResponse(wantsSse, "⚠️ 安全策略:该大模型端点已被禁止调用");
553
+ }
554
+ } catch {}
542
555
 
543
556
  // ---- 请求侧检查:提示词注入检测(已禁用) ----
544
557
  // const promptInjectionPatterns = [
@@ -778,12 +791,12 @@ export default function register(api) {
778
791
  if (toolName === "exec") {
779
792
  const cmd = params.command || "";
780
793
  const openclawUpdatePatterns = [
781
- /npm\s+(i|install|update|up|upgrade)\s+.*\bopenclaw\b/i,
782
- /yarn\s+(global\s+)?add\s+.*\bopenclaw\b/i,
783
- /yarn\s+(global\s+)?upgrade\s+.*\bopenclaw\b/i,
784
- /pnpm\s+(add|update|install|upgrade)\s+.*\bopenclaw\b/i,
785
- /npx\s+.*\bopenclaw\b.*update/i,
786
- /brew\s+(upgrade|reinstall)\s+.*\bopenclaw\b/i,
794
+ // npm: 兼容 flags 在子命令前后的各种写法(npm -g install openclaw / npm install -g openclaw)
795
+ /\bnpm\s+(?:[^&|;]*\s+)?(i|install|update|up|upgrade)\s+(?:[^&|;]*\s+)?\bopenclaw\b/i,
796
+ /\byarn\s+(global\s+)?(add|upgrade)\s+.*\bopenclaw\b/i,
797
+ /\bpnpm\s+(?:[^&|;]*\s+)?(add|update|install|upgrade)\s+(?:[^&|;]*\s+)?\bopenclaw\b/i,
798
+ /\bnpx\s+.*\bopenclaw\b.*update/i,
799
+ /\bbrew\s+(upgrade|reinstall)\s+.*\bopenclaw\b/i,
787
800
  /\bopenclaw\s+update\b/i,
788
801
  /\bopenclaw\s+gateway\s+update\b/i,
789
802
  ];
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "id": "mobook-security-plugin",
3
3
  "name": "MoBook 安全防护插件",
4
- "version": "2.0.15",
4
+ "version": "2.0.17",
5
5
  "description": "MoBook 企业级安全插件 - 危险命令分级拦截、敏感信息全渠道脱敏(身份证GB11643/银行卡Luhn校验)、LLM响应拦截、操作审计",
6
6
  "entry": "./index.js",
7
7
  "type": "plugin",
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@dcrays/mobook-security-plugin",
3
- "version": "2.0.15",
3
+ "version": "2.0.17",
4
4
  "type": "module",
5
5
  "description": "MoBook 企业级安全插件 - 危险命令分级拦截、敏感信息全渠道脱敏(身份证GB11643/银行卡Luhn校验)、LLM响应拦截、操作审计",
6
6
  "main": "index.js",