@gguf/claw 2026.2.4 → 2026.2.5

package/dist/{audit-D-OqdjQu.js → audit-BWbjQmyv.js}

@@ -1,18 +1,22 @@
 import { B as resolveConfigPath, J as resolveOAuthDir, X as resolveStateDir } from "./entry.js";
-import { t as formatCliCommand } from "./command-format-3xiXujG0.js";
-import { N as normalizeAgentId, c as resolveDefaultAgentId } from "./agent-scope-jm0ZdXwM.js";
-import { n as runExec } from "./exec-BIMFe4XS.js";
-import { D as INCLUDE_KEY, O as MAX_INCLUDE_DEPTH, n as createConfigIO } from "./config-DCT1RAo6.js";
-import { a as resolveBrowserConfig, o as resolveProfile } from "./server-context-CM_E6wD5.js";
-import { i as resolveGatewayAuth } from "./auth-viF_w60n.js";
-import { t as GatewayClient } from "./client-cU7Xg1MO.js";
-import { t as buildGatewayConnectionDetails } from "./call-CfqL-4Nc.js";
-import { m as GATEWAY_CLIENT_NAMES, p as GATEWAY_CLIENT_MODES } from "./message-channel-CAFcg7mw.js";
-import { n as listChannelPlugins } from "./plugins-TrKFfrLt.js";
-import { t as resolveChannelDefaultAccountId } from "./helpers-DfgBr1D5.js";
-import { G as resolveSandboxToolPolicyForAgent, U as resolveSandboxConfigForAgent, Z as resolveToolProfilePolicy } from "./sandbox-Cnq9TXEn.js";
-import { a as isToolAllowedByPolicies, n as resolveNativeCommandsEnabled, r as resolveNativeSkillsEnabled } from "./commands-DMKDOFmC.js";
-import { i as readChannelAllowFromStore } from "./pairing-store-DMex6WWe.js";
+import { t as formatCliCommand } from "./command-format-ayFsmwwz.js";
+import { c as normalizeAgentId } from "./session-key-CZkcvAtx.js";
+import { n as runExec } from "./exec-B8JKbXKW.js";
+import { c as resolveDefaultAgentId, s as resolveAgentWorkspaceDir } from "./agent-scope-C9VjJXEK.js";
+import { D as MAX_INCLUDE_DEPTH, E as INCLUDE_KEY, r as createConfigIO } from "./config-CKLedg5Y.js";
+import { a as MANIFEST_KEY } from "./manifest-registry-C69Z-I4v.js";
+import { a as resolveBrowserConfig, o as resolveProfile } from "./server-context-yKyxyxOJ.js";
+import { i as resolveGatewayAuth } from "./auth-DksjO6WG.js";
+import { t as GatewayClient } from "./client-CxbkcEZ7.js";
+import { t as buildGatewayConnectionDetails } from "./call-90HgQQ8o.js";
+import { h as GATEWAY_CLIENT_NAMES, m as GATEWAY_CLIENT_MODES } from "./message-channel-BlgPSDAh.js";
+import { n as listChannelPlugins } from "./plugins-BUPpq5aS.js";
+import { t as resolveChannelDefaultAccountId } from "./helpers-D66_XoIz.js";
+import { t as scanDirectoryWithSummary } from "./skill-scanner-Bp1D9gra.js";
+import { G as resolveSandboxToolPolicyForAgent, Q as resolveToolProfilePolicy, U as resolveSandboxConfigForAgent } from "./sandbox-DuqLKN5J.js";
+import { i as loadWorkspaceSkillEntries } from "./skills-CmU0Q92f.js";
+import { a as isToolAllowedByPolicies, n as resolveNativeCommandsEnabled, r as resolveNativeSkillsEnabled } from "./commands-DAC7XMAT.js";
+import { i as readChannelAllowFromStore } from "./pairing-store-DTfv_FGA.js";
 import path from "node:path";
 import os from "node:os";
 import JSON5 from "json5";
@@ -577,7 +581,7 @@ function isClaudeModel(id) {
 	return /\bclaude-/i.test(id);
 }
 function isClaude45OrHigher(id) {
-	return /\bclaude-[^\s/]*?(?:-4-?5\b|4\.5\b)/i.test(id);
+	return /\bclaude-[^\s/]*?(?:-4-?(?:[5-9]|[1-9]\d)\b|4\.(?:[5-9]|[1-9]\d)\b|-[5-9](?:\b|[.-]))/i.test(id);
 }
 function collectModelHygieneFindings(cfg) {
 	const findings = [];
@@ -1045,6 +1049,162 @@ async function readConfigSnapshotForAudit(params) {
 		configPath: params.configPath
 	}).readConfigFileSnapshot();
 }
+function isPathInside(basePath, candidatePath) {
+	const base = path.resolve(basePath);
+	const candidate = path.resolve(candidatePath);
+	const rel = path.relative(base, candidate);
+	return rel === "" || !rel.startsWith(`..${path.sep}`) && rel !== ".." && !path.isAbsolute(rel);
+}
+function extensionUsesSkippedScannerPath(entry) {
+	return entry.split(/[\\/]+/).filter(Boolean).some((segment) => segment === "node_modules" || segment.startsWith(".") && segment !== "." && segment !== "..");
+}
+async function readPluginManifestExtensions(pluginPath) {
+	const manifestPath = path.join(pluginPath, "package.json");
+	const raw = await fs.readFile(manifestPath, "utf-8").catch(() => "");
+	if (!raw.trim()) return [];
+	const extensions = JSON.parse(raw)?.[MANIFEST_KEY]?.extensions;
+	if (!Array.isArray(extensions)) return [];
+	return extensions.map((entry) => typeof entry === "string" ? entry.trim() : "").filter(Boolean);
+}
+function listWorkspaceDirs(cfg) {
+	const dirs = /* @__PURE__ */ new Set();
+	const list = cfg.agents?.list;
+	if (Array.isArray(list)) {
+		for (const entry of list) if (entry && typeof entry === "object" && typeof entry.id === "string") dirs.add(resolveAgentWorkspaceDir(cfg, entry.id));
+	}
+	dirs.add(resolveAgentWorkspaceDir(cfg, resolveDefaultAgentId(cfg)));
+	return [...dirs];
+}
+function formatCodeSafetyDetails(findings, rootDir) {
+	return findings.map((finding) => {
+		const relPath = path.relative(rootDir, finding.file);
+		const normalizedPath = (relPath && relPath !== "." && !relPath.startsWith("..") ? relPath : path.basename(finding.file)).replaceAll("\\", "/");
+		return `  - [${finding.ruleId}] ${finding.message} (${normalizedPath}:${finding.line})`;
+	}).join("\n");
+}
+async function collectPluginsCodeSafetyFindings(params) {
+	const findings = [];
+	const extensionsDir = path.join(params.stateDir, "extensions");
+	const st = await safeStat(extensionsDir);
+	if (!st.ok || !st.isDir) return findings;
+	const pluginDirs = (await fs.readdir(extensionsDir, { withFileTypes: true }).catch((err) => {
+		findings.push({
+			checkId: "plugins.code_safety.scan_failed",
+			severity: "warn",
+			title: "Plugin extensions directory scan failed",
+			detail: `Static code scan could not list extensions directory: ${String(err)}`,
+			remediation: "Check file permissions and plugin layout, then rerun `openclaw security audit --deep`."
+		});
+		return [];
+	})).filter((e) => e.isDirectory()).map((e) => e.name);
+	for (const pluginName of pluginDirs) {
+		const pluginPath = path.join(extensionsDir, pluginName);
+		const extensionEntries = await readPluginManifestExtensions(pluginPath).catch(() => []);
+		const forcedScanEntries = [];
+		const escapedEntries = [];
+		for (const entry of extensionEntries) {
+			const resolvedEntry = path.resolve(pluginPath, entry);
+			if (!isPathInside(pluginPath, resolvedEntry)) {
+				escapedEntries.push(entry);
+				continue;
+			}
+			if (extensionUsesSkippedScannerPath(entry)) findings.push({
+				checkId: "plugins.code_safety.entry_path",
+				severity: "warn",
+				title: `Plugin "${pluginName}" entry path is hidden or node_modules`,
+				detail: `Extension entry "${entry}" points to a hidden or node_modules path. Deep code scan will cover this entry explicitly, but review this path choice carefully.`,
+				remediation: "Prefer extension entrypoints under normal source paths like dist/ or src/."
+			});
+			forcedScanEntries.push(resolvedEntry);
+		}
+		if (escapedEntries.length > 0) findings.push({
+			checkId: "plugins.code_safety.entry_escape",
+			severity: "critical",
+			title: `Plugin "${pluginName}" has extension entry path traversal`,
+			detail: `Found extension entries that escape the plugin directory:\n${escapedEntries.map((entry) => `  - ${entry}`).join("\n")}`,
+			remediation: "Update the plugin manifest so all openclaw.extensions entries stay inside the plugin directory."
+		});
+		const summary = await scanDirectoryWithSummary(pluginPath, { includeFiles: forcedScanEntries }).catch((err) => {
+			findings.push({
+				checkId: "plugins.code_safety.scan_failed",
+				severity: "warn",
+				title: `Plugin "${pluginName}" code scan failed`,
+				detail: `Static code scan could not complete: ${String(err)}`,
+				remediation: "Check file permissions and plugin layout, then rerun `openclaw security audit --deep`."
+			});
+			return null;
+		});
+		if (!summary) continue;
+		if (summary.critical > 0) {
+			const details = formatCodeSafetyDetails(summary.findings.filter((f) => f.severity === "critical"), pluginPath);
+			findings.push({
+				checkId: "plugins.code_safety",
+				severity: "critical",
+				title: `Plugin "${pluginName}" contains dangerous code patterns`,
+				detail: `Found ${summary.critical} critical issue(s) in ${summary.scannedFiles} scanned file(s):\n${details}`,
+				remediation: "Review the plugin source code carefully before use. If untrusted, remove the plugin from your OpenClaw extensions state directory."
+			});
+		} else if (summary.warn > 0) {
+			const details = formatCodeSafetyDetails(summary.findings.filter((f) => f.severity === "warn"), pluginPath);
+			findings.push({
+				checkId: "plugins.code_safety",
+				severity: "warn",
+				title: `Plugin "${pluginName}" contains suspicious code patterns`,
+				detail: `Found ${summary.warn} warning(s) in ${summary.scannedFiles} scanned file(s):\n${details}`,
+				remediation: `Review the flagged code to ensure it is intentional and safe.`
+			});
+		}
+	}
+	return findings;
+}
+async function collectInstalledSkillsCodeSafetyFindings(params) {
+	const findings = [];
+	const pluginExtensionsDir = path.join(params.stateDir, "extensions");
+	const scannedSkillDirs = /* @__PURE__ */ new Set();
+	const workspaceDirs = listWorkspaceDirs(params.cfg);
+	for (const workspaceDir of workspaceDirs) {
+		const entries = loadWorkspaceSkillEntries(workspaceDir, { config: params.cfg });
+		for (const entry of entries) {
+			if (entry.skill.source === "openclaw-bundled") continue;
+			const skillDir = path.resolve(entry.skill.baseDir);
+			if (isPathInside(pluginExtensionsDir, skillDir)) continue;
+			if (scannedSkillDirs.has(skillDir)) continue;
+			scannedSkillDirs.add(skillDir);
+			const skillName = entry.skill.name;
+			const summary = await scanDirectoryWithSummary(skillDir).catch((err) => {
+				findings.push({
+					checkId: "skills.code_safety.scan_failed",
+					severity: "warn",
+					title: `Skill "${skillName}" code scan failed`,
+					detail: `Static code scan could not complete for ${skillDir}: ${String(err)}`,
+					remediation: "Check file permissions and skill layout, then rerun `openclaw security audit --deep`."
+				});
+				return null;
+			});
+			if (!summary) continue;
+			if (summary.critical > 0) {
+				const details = formatCodeSafetyDetails(summary.findings.filter((finding) => finding.severity === "critical"), skillDir);
+				findings.push({
+					checkId: "skills.code_safety",
+					severity: "critical",
+					title: `Skill "${skillName}" contains dangerous code patterns`,
+					detail: `Found ${summary.critical} critical issue(s) in ${summary.scannedFiles} scanned file(s) under ${skillDir}:\n${details}`,
+					remediation: `Review the skill source code before use. If untrusted, remove "${skillDir}".`
+				});
+			} else if (summary.warn > 0) {
+				const details = formatCodeSafetyDetails(summary.findings.filter((finding) => finding.severity === "warn"), skillDir);
+				findings.push({
+					checkId: "skills.code_safety",
+					severity: "warn",
+					title: `Skill "${skillName}" contains suspicious code patterns`,
+					detail: `Found ${summary.warn} warning(s) in ${summary.scannedFiles} scanned file(s) under ${skillDir}:\n${details}`,
+					remediation: "Review flagged lines to ensure the behavior is intentional and safe."
+				});
+			}
+		}
+	}
+	return findings;
+}
 
 //#endregion
 //#region src/security/audit.ts
@@ -1653,6 +1813,13 @@ async function runSecurityAudit(opts) {
 			cfg,
 			stateDir
 		}));
+		if (opts.deep === true) {
+			findings.push(...await collectPluginsCodeSafetyFindings({ stateDir }));
+			findings.push(...await collectInstalledSkillsCodeSafetyFindings({
+				cfg,
+				stateDir
+			}));
+		}
 	}
 	if (opts.includeChannelSecurity !== false) {
 		const plugins = opts.plugins ?? listChannelPlugins();

package/dist/{audit-CWGOX7Eh.js → audit-ZY6Dk5Ec.js}

@@ -1,18 +1,22 @@
-import { g as resolveStateDir, m as resolveOAuthDir, o as resolveConfigPath } from "./paths-BDd7_JUB.js";
-import { N as normalizeAgentId, c as resolveDefaultAgentId } from "./agent-scope-CrgUOY3f.js";
-import { n as runExec } from "./exec-CTo4hK94.js";
-import { t as formatCliCommand } from "./command-format-BQK1OIvH.js";
-import { D as INCLUDE_KEY, O as MAX_INCLUDE_DEPTH, n as createConfigIO } from "./config-qgIz1lbh.js";
-import { n as listChannelPlugins } from "./plugins-D1CxUobm.js";
-import { $ as resolveSandboxToolPolicyForAgent, Z as resolveSandboxConfigForAgent, at as resolveToolProfilePolicy } from "./sandbox-BXUfp_qv.js";
-import { a as resolveProfile, i as resolveBrowserConfig } from "./server-context-D2cv-pIA.js";
-import { m as GATEWAY_CLIENT_NAMES, p as GATEWAY_CLIENT_MODES } from "./message-channel-CQGWXVL4.js";
-import { t as GatewayClient } from "./client-zqMhLTAX.js";
-import { t as buildGatewayConnectionDetails } from "./call-CPBhMXxo.js";
-import { i as readChannelAllowFromStore } from "./pairing-store-BnMngoWQ.js";
-import { c as resolveNativeSkillsEnabled, n as isToolAllowedByPolicies, s as resolveNativeCommandsEnabled } from "./pi-tools.policy-DleRi9eC.js";
-import { t as resolveChannelDefaultAccountId } from "./helpers-Cw9kFCkw.js";
-import { i as resolveGatewayAuth } from "./auth-DK3l201_.js";
+import { g as resolveStateDir, m as resolveOAuthDir, o as resolveConfigPath } from "./paths-scjhy7N2.js";
+import { c as normalizeAgentId } from "./session-key-Dm2EOhrH.js";
+import { n as runExec } from "./exec-HEWTMJ7j.js";
+import { c as resolveDefaultAgentId, s as resolveAgentWorkspaceDir } from "./agent-scope-CMs5Y7l-.js";
+import { t as formatCliCommand } from "./command-format-ChfKqObn.js";
+import { D as MAX_INCLUDE_DEPTH, E as INCLUDE_KEY, r as createConfigIO } from "./config-CAuZ-EkU.js";
+import { a as MANIFEST_KEY } from "./manifest-registry-DHaa1SJb.js";
+import { n as listChannelPlugins } from "./plugins-BYIWo0Cp.js";
+import { $ as resolveSandboxToolPolicyForAgent, Z as resolveSandboxConfigForAgent, ot as resolveToolProfilePolicy } from "./sandbox-CV8VwPij.js";
+import { i as loadWorkspaceSkillEntries } from "./skills-D5JDj3TR.js";
+import { a as resolveProfile, i as resolveBrowserConfig } from "./server-context-vChIAqjH.js";
+import { h as GATEWAY_CLIENT_NAMES, m as GATEWAY_CLIENT_MODES } from "./message-channel-Bpfe5l5f.js";
+import { t as GatewayClient } from "./client-BYVbRnuQ.js";
+import { t as buildGatewayConnectionDetails } from "./call-BTbA5OB4.js";
+import { i as readChannelAllowFromStore } from "./pairing-store-DFq7WtOv.js";
+import { c as resolveNativeSkillsEnabled, n as isToolAllowedByPolicies, s as resolveNativeCommandsEnabled } from "./pi-tools.policy-BQ8N5y8a.js";
+import { t as resolveChannelDefaultAccountId } from "./helpers-BIc7L8EF.js";
+import { t as scanDirectoryWithSummary } from "./skill-scanner-BoGjHXUZ.js";
+import { i as resolveGatewayAuth } from "./auth-CbhB03Rz.js";
 import os from "node:os";
 import path from "node:path";
 import JSON5 from "json5";
@@ -577,7 +581,7 @@ function isClaudeModel(id) {
 	return /\bclaude-/i.test(id);
 }
 function isClaude45OrHigher(id) {
-	return /\bclaude-[^\s/]*?(?:-4-?5\b|4\.5\b)/i.test(id);
+	return /\bclaude-[^\s/]*?(?:-4-?(?:[5-9]|[1-9]\d)\b|4\.(?:[5-9]|[1-9]\d)\b|-[5-9](?:\b|[.-]))/i.test(id);
 }
 function collectModelHygieneFindings(cfg) {
 	const findings = [];
@@ -1045,6 +1049,162 @@ async function readConfigSnapshotForAudit(params) {
 		configPath: params.configPath
 	}).readConfigFileSnapshot();
 }
+function isPathInside(basePath, candidatePath) {
+	const base = path.resolve(basePath);
+	const candidate = path.resolve(candidatePath);
+	const rel = path.relative(base, candidate);
+	return rel === "" || !rel.startsWith(`..${path.sep}`) && rel !== ".." && !path.isAbsolute(rel);
+}
+function extensionUsesSkippedScannerPath(entry) {
+	return entry.split(/[\\/]+/).filter(Boolean).some((segment) => segment === "node_modules" || segment.startsWith(".") && segment !== "." && segment !== "..");
+}
+async function readPluginManifestExtensions(pluginPath) {
+	const manifestPath = path.join(pluginPath, "package.json");
+	const raw = await fs.readFile(manifestPath, "utf-8").catch(() => "");
+	if (!raw.trim()) return [];
+	const extensions = JSON.parse(raw)?.[MANIFEST_KEY]?.extensions;
+	if (!Array.isArray(extensions)) return [];
+	return extensions.map((entry) => typeof entry === "string" ? entry.trim() : "").filter(Boolean);
+}
+function listWorkspaceDirs(cfg) {
+	const dirs = /* @__PURE__ */ new Set();
+	const list = cfg.agents?.list;
+	if (Array.isArray(list)) {
+		for (const entry of list) if (entry && typeof entry === "object" && typeof entry.id === "string") dirs.add(resolveAgentWorkspaceDir(cfg, entry.id));
+	}
+	dirs.add(resolveAgentWorkspaceDir(cfg, resolveDefaultAgentId(cfg)));
+	return [...dirs];
+}
+function formatCodeSafetyDetails(findings, rootDir) {
+	return findings.map((finding) => {
+		const relPath = path.relative(rootDir, finding.file);
+		const normalizedPath = (relPath && relPath !== "." && !relPath.startsWith("..") ? relPath : path.basename(finding.file)).replaceAll("\\", "/");
+		return `  - [${finding.ruleId}] ${finding.message} (${normalizedPath}:${finding.line})`;
+	}).join("\n");
+}
+async function collectPluginsCodeSafetyFindings(params) {
+	const findings = [];
+	const extensionsDir = path.join(params.stateDir, "extensions");
+	const st = await safeStat(extensionsDir);
+	if (!st.ok || !st.isDir) return findings;
+	const pluginDirs = (await fs.readdir(extensionsDir, { withFileTypes: true }).catch((err) => {
+		findings.push({
+			checkId: "plugins.code_safety.scan_failed",
+			severity: "warn",
+			title: "Plugin extensions directory scan failed",
+			detail: `Static code scan could not list extensions directory: ${String(err)}`,
+			remediation: "Check file permissions and plugin layout, then rerun `openclaw security audit --deep`."
+		});
+		return [];
+	})).filter((e) => e.isDirectory()).map((e) => e.name);
+	for (const pluginName of pluginDirs) {
+		const pluginPath = path.join(extensionsDir, pluginName);
+		const extensionEntries = await readPluginManifestExtensions(pluginPath).catch(() => []);
+		const forcedScanEntries = [];
+		const escapedEntries = [];
+		for (const entry of extensionEntries) {
+			const resolvedEntry = path.resolve(pluginPath, entry);
+			if (!isPathInside(pluginPath, resolvedEntry)) {
+				escapedEntries.push(entry);
+				continue;
+			}
+			if (extensionUsesSkippedScannerPath(entry)) findings.push({
+				checkId: "plugins.code_safety.entry_path",
+				severity: "warn",
+				title: `Plugin "${pluginName}" entry path is hidden or node_modules`,
+				detail: `Extension entry "${entry}" points to a hidden or node_modules path. Deep code scan will cover this entry explicitly, but review this path choice carefully.`,
+				remediation: "Prefer extension entrypoints under normal source paths like dist/ or src/."
+			});
+			forcedScanEntries.push(resolvedEntry);
+		}
+		if (escapedEntries.length > 0) findings.push({
+			checkId: "plugins.code_safety.entry_escape",
+			severity: "critical",
+			title: `Plugin "${pluginName}" has extension entry path traversal`,
+			detail: `Found extension entries that escape the plugin directory:\n${escapedEntries.map((entry) => `  - ${entry}`).join("\n")}`,
+			remediation: "Update the plugin manifest so all openclaw.extensions entries stay inside the plugin directory."
+		});
+		const summary = await scanDirectoryWithSummary(pluginPath, { includeFiles: forcedScanEntries }).catch((err) => {
+			findings.push({
+				checkId: "plugins.code_safety.scan_failed",
+				severity: "warn",
+				title: `Plugin "${pluginName}" code scan failed`,
+				detail: `Static code scan could not complete: ${String(err)}`,
+				remediation: "Check file permissions and plugin layout, then rerun `openclaw security audit --deep`."
+			});
+			return null;
+		});
+		if (!summary) continue;
+		if (summary.critical > 0) {
+			const details = formatCodeSafetyDetails(summary.findings.filter((f) => f.severity === "critical"), pluginPath);
+			findings.push({
+				checkId: "plugins.code_safety",
+				severity: "critical",
+				title: `Plugin "${pluginName}" contains dangerous code patterns`,
+				detail: `Found ${summary.critical} critical issue(s) in ${summary.scannedFiles} scanned file(s):\n${details}`,
+				remediation: "Review the plugin source code carefully before use. If untrusted, remove the plugin from your OpenClaw extensions state directory."
+			});
+		} else if (summary.warn > 0) {
+			const details = formatCodeSafetyDetails(summary.findings.filter((f) => f.severity === "warn"), pluginPath);
+			findings.push({
+				checkId: "plugins.code_safety",
+				severity: "warn",
+				title: `Plugin "${pluginName}" contains suspicious code patterns`,
+				detail: `Found ${summary.warn} warning(s) in ${summary.scannedFiles} scanned file(s):\n${details}`,
+				remediation: `Review the flagged code to ensure it is intentional and safe.`
+			});
+		}
+	}
+	return findings;
+}
+async function collectInstalledSkillsCodeSafetyFindings(params) {
+	const findings = [];
+	const pluginExtensionsDir = path.join(params.stateDir, "extensions");
+	const scannedSkillDirs = /* @__PURE__ */ new Set();
+	const workspaceDirs = listWorkspaceDirs(params.cfg);
+	for (const workspaceDir of workspaceDirs) {
+		const entries = loadWorkspaceSkillEntries(workspaceDir, { config: params.cfg });
+		for (const entry of entries) {
+			if (entry.skill.source === "openclaw-bundled") continue;
+			const skillDir = path.resolve(entry.skill.baseDir);
+			if (isPathInside(pluginExtensionsDir, skillDir)) continue;
+			if (scannedSkillDirs.has(skillDir)) continue;
+			scannedSkillDirs.add(skillDir);
+			const skillName = entry.skill.name;
+			const summary = await scanDirectoryWithSummary(skillDir).catch((err) => {
+				findings.push({
+					checkId: "skills.code_safety.scan_failed",
+					severity: "warn",
+					title: `Skill "${skillName}" code scan failed`,
+					detail: `Static code scan could not complete for ${skillDir}: ${String(err)}`,
+					remediation: "Check file permissions and skill layout, then rerun `openclaw security audit --deep`."
+				});
+				return null;
+			});
+			if (!summary) continue;
+			if (summary.critical > 0) {
+				const details = formatCodeSafetyDetails(summary.findings.filter((finding) => finding.severity === "critical"), skillDir);
+				findings.push({
+					checkId: "skills.code_safety",
+					severity: "critical",
+					title: `Skill "${skillName}" contains dangerous code patterns`,
+					detail: `Found ${summary.critical} critical issue(s) in ${summary.scannedFiles} scanned file(s) under ${skillDir}:\n${details}`,
+					remediation: `Review the skill source code before use. If untrusted, remove "${skillDir}".`
+				});
+			} else if (summary.warn > 0) {
+				const details = formatCodeSafetyDetails(summary.findings.filter((finding) => finding.severity === "warn"), skillDir);
+				findings.push({
+					checkId: "skills.code_safety",
+					severity: "warn",
+					title: `Skill "${skillName}" contains suspicious code patterns`,
+					detail: `Found ${summary.warn} warning(s) in ${summary.scannedFiles} scanned file(s) under ${skillDir}:\n${details}`,
+					remediation: "Review flagged lines to ensure the behavior is intentional and safe."
+				});
+			}
+		}
+	}
+	return findings;
+}
 
 //#endregion
 //#region src/security/audit.ts
@@ -1653,6 +1813,13 @@ async function runSecurityAudit(opts) {
 			cfg,
 			stateDir
 		}));
+		if (opts.deep === true) {
+			findings.push(...await collectPluginsCodeSafetyFindings({ stateDir }));
+			findings.push(...await collectInstalledSkillsCodeSafetyFindings({
+				cfg,
+				stateDir
+			}));
+		}
 	}
 	if (opts.includeChannelSecurity !== false) {
 		const plugins = opts.plugins ?? listChannelPlugins();

package/dist/{auth-viF_w60n.js → auth-CbhB03Rz.js}

@@ -1,5 +1,5 @@
-import { c as readTailscaleWhoisIdentity } from "./tailscale-BUcKO8Rr.js";
-import { i as parseForwardedForClientIp, o as resolveGatewayClientIp, r as isTrustedProxyAddress } from "./net-DaJz_a4n.js";
+import { c as readTailscaleWhoisIdentity } from "./tailscale-BVGD9gSD.js";
+import { i as parseForwardedForClientIp, o as resolveGatewayClientIp, r as isTrustedProxyAddress } from "./net-C8YRVt16.js";
 import { timingSafeEqual } from "node:crypto";
 
 //#region src/gateway/auth.ts

package/dist/{auth-DK3l201_.js → auth-DksjO6WG.js}

@@ -1,5 +1,5 @@
-import { c as readTailscaleWhoisIdentity } from "./tailscale-Cvk3mQDZ.js";
-import { i as parseForwardedForClientIp, o as resolveGatewayClientIp, r as isTrustedProxyAddress } from "./net-DeiCIMU6.js";
+import { c as readTailscaleWhoisIdentity } from "./tailscale-9MusRvOi.js";
+import { i as parseForwardedForClientIp, o as resolveGatewayClientIp, r as isTrustedProxyAddress } from "./net-CWMMy37F.js";
 import { timingSafeEqual } from "node:crypto";
 
 //#region src/gateway/auth.ts

package/dist/{auth-health-DcKoxhDo.js → auth-health-C4bElkgf.js}

@@ -1,4 +1,4 @@
-import { yt as resolveAuthProfileDisplayLabel } from "./auth-profiles-CfFGCDJa.js";
+import { vt as resolveAuthProfileDisplayLabel } from "./auth-profiles-CYBuGiBb.js";
 
 //#region src/agents/auth-health.ts
 const DEFAULT_OAUTH_WARN_MS = 1440 * 60 * 1e3;

package/dist/{auth-health-Ba9GTScq.js → auth-health-Ctf-_JFE.js}

@@ -1,4 +1,4 @@
-import { gt as resolveAuthProfileDisplayLabel } from "./model-selection-Cp1maz7B.js";
+import { ht as resolveAuthProfileDisplayLabel } from "./model-selection-DMUrNhQP.js";
 
 //#region src/agents/auth-health.ts
 const DEFAULT_OAUTH_WARN_MS = 1440 * 60 * 1e3;

package/dist/{auth-profiles-CfFGCDJa.js → auth-profiles-CYBuGiBb.js}

@@ -1,8 +1,10 @@
+import { t as __exportAll } from "./rolldown-runtime-Cbj13DAv.js";
 import { X as resolveStateDir, Y as resolveOAuthPath, n as isTruthyEnvValue, o as createSubsystemLogger } from "./entry.js";
-import { t as formatCliCommand } from "./command-format-3xiXujG0.js";
-import { D as DEFAULT_AGENT_ID, a as resolveAgentModelPrimary } from "./agent-scope-jm0ZdXwM.js";
-import { m as resolveUserPath } from "./utils-PmTbZoD1.js";
-import { a as saveJsonFile, i as loadJsonFile, r as resolveCopilotApiToken, t as DEFAULT_COPILOT_API_BASE_URL } from "./github-copilot-token-rP-6QdKv.js";
+import { t as formatCliCommand } from "./command-format-ayFsmwwz.js";
+import { n as DEFAULT_AGENT_ID } from "./session-key-CZkcvAtx.js";
+import { m as resolveUserPath } from "./utils-DX85MiPR.js";
+import { a as resolveAgentModelPrimary } from "./agent-scope-C9VjJXEK.js";
+import { a as saveJsonFile, i as loadJsonFile, r as resolveCopilotApiToken, t as DEFAULT_COPILOT_API_BASE_URL } from "./github-copilot-token-SLWintYd.js";
 import { execFileSync, execSync } from "node:child_process";
 import path from "node:path";
 import fs from "node:fs";
@@ -46,7 +48,7 @@ function resolveAuthProfileDisplayLabel(params) {
 //#endregion
 //#region src/agents/defaults.ts
 const DEFAULT_PROVIDER = "anthropic";
-const DEFAULT_MODEL = "claude-opus-4-5";
+const DEFAULT_MODEL = "claude-opus-4-6";
 const DEFAULT_CONTEXT_TOKENS = 2e5;
 
 //#endregion
@@ -466,7 +468,7 @@ async function resolveApiKeyForProvider(params) {
 	const normalized = normalizeProviderId(provider);
 	if (authOverride === void 0 && normalized === "amazon-bedrock") return resolveAwsSdkAuthInfo();
 	if (provider === "openai") {
-		if (listProfilesForProvider(store, "openai-codex").length > 0) throw new Error("No API key found for provider \"openai\". You are authenticated with OpenAI Codex OAuth. Use openai-codex/gpt-5.2 (ChatGPT OAuth) or set OPENAI_API_KEY for openai/gpt-5.2.");
+		if (listProfilesForProvider(store, "openai-codex").length > 0) throw new Error("No API key found for provider \"openai\". You are authenticated with OpenAI Codex OAuth. Use openai-codex/gpt-5.3-codex (OAuth) or set OPENAI_API_KEY to use openai/gpt-5.1-codex.");
 	}
 	const authStorePath = resolveAuthStorePathForDisplay(params.agentDir);
 	const resolvedAgentDir = path.dirname(authStorePath);
@@ -519,7 +521,8 @@ function resolveEnvApiKey(provider) {
 		synthetic: "SYNTHETIC_API_KEY",
 		venice: "VENICE_API_KEY",
 		mistral: "MISTRAL_API_KEY",
-		opencode: "OPENCODE_API_KEY"
+		opencode: "OPENCODE_API_KEY",
+		ollama: "OLLAMA_API_KEY"
 	}[normalized];
 	if (!envVar) return null;
 	return pick(envVar);
@@ -1138,7 +1141,8 @@ async function discoverOllamaModels() {
 				input: ["text"],
 				cost: OLLAMA_DEFAULT_COST,
 				contextWindow: OLLAMA_DEFAULT_CONTEXT_WINDOW,
-				maxTokens: OLLAMA_DEFAULT_MAX_TOKENS
+				maxTokens: OLLAMA_DEFAULT_MAX_TOKENS,
+				params: { streaming: false }
 			};
 		});
 	} catch (error) {
@@ -1480,6 +1484,11 @@ async function resolveImplicitBedrockProvider(params) {
 
 //#endregion
 //#region src/agents/model-selection.ts
+const ANTHROPIC_MODEL_ALIASES = {
+	"opus-4.6": "claude-opus-4-6",
+	"opus-4.5": "claude-opus-4-5",
+	"sonnet-4.5": "claude-sonnet-4-5"
+};
 function normalizeAliasKey(value) {
 	return value.trim().toLowerCase();
 }
@@ -1504,10 +1513,7 @@ function isCliProvider(provider, cfg) {
 function normalizeAnthropicModelId(model) {
 	const trimmed = model.trim();
 	if (!trimmed) return trimmed;
-	const lower = trimmed.toLowerCase();
-	if (lower === "opus-4.5") return "claude-opus-4-5";
-	if (lower === "sonnet-4.5") return "claude-sonnet-4-5";
-	return trimmed;
+	return ANTHROPIC_MODEL_ALIASES[trimmed.toLowerCase()] ?? trimmed;
 }
 function normalizeProviderModelId(provider, model) {
 	if (provider === "anthropic") return normalizeAnthropicModelId(model);
@@ -1533,6 +1539,21 @@ function parseModelRef(raw, defaultProvider) {
 		model: normalizeProviderModelId(provider, model)
 	};
 }
+function resolveAllowlistModelKey(raw, defaultProvider) {
+	const parsed = parseModelRef(raw, defaultProvider);
+	if (!parsed) return null;
+	return modelKey(parsed.provider, parsed.model);
+}
+function buildConfiguredAllowlistKeys(params) {
+	const rawAllowlist = Object.keys(params.cfg?.agents?.defaults?.models ?? {});
+	if (rawAllowlist.length === 0) return null;
+	const keys = /* @__PURE__ */ new Set();
+	for (const raw of rawAllowlist) {
+		const key = resolveAllowlistModelKey(String(raw ?? ""), params.defaultProvider);
+		if (key) keys.add(key);
+	}
+	return keys.size > 0 ? keys : null;
+}
 function buildModelAliasIndex(params) {
 	const byAlias = /* @__PURE__ */ new Map();
 	const byKey = /* @__PURE__ */ new Map();
@@ -2910,4 +2931,8 @@ function orderProfilesByMode(order, store) {
 }
 
 //#endregion
-export { buildSyntheticModelDefinition as $, modelKey as A, buildXiaomiProvider as B, resolveAuthStorePath as C, buildModelAliasIndex as D, buildAllowedModelSet as E, resolveDefaultModelForAgent as F, resolveImplicitProviders as G, normalizeProviders as H, resolveHooksGmailModel as I, VENICE_MODEL_CATALOG as J, VENICE_BASE_URL as K, resolveModelRefFromString as L, parseModelRef as M, resolveAllowedModelRef as N, getModelRefStatus as O, resolveConfiguredModelRef as P, SYNTHETIC_MODEL_CATALOG as Q, resolveThinkingDefault as R, updateAuthProfileStoreWithLock as S, resolveOpenClawAgentDir as T, resolveImplicitBedrockProvider as U, normalizeGoogleModelId as V, resolveImplicitCopilotProvider as W, SYNTHETIC_BASE_URL as X, buildVeniceModelDefinition as Y, SYNTHETIC_DEFAULT_MODEL_REF as Z, setAuthProfileOrder as _, DEFAULT_MODEL as _t, markAuthProfileUsed as a, resolveEnvApiKey as at, loadAuthProfileStore as b, CLAUDE_CLI_PROFILE_ID as bt, CHUTES_AUTHORIZE_ENDPOINT as c, getShellPathFromLoginShell as ct, parseOAuthCallbackInput as d, shouldDeferShellEnvFallback as dt, getApiKeyForModel as et, formatAuthDoctorHint as f, shouldEnableShellEnvFallback as ft, markAuthProfileGood as g, DEFAULT_CONTEXT_TOKENS as gt, listProfilesForProvider as h, resolveCloudflareAiGatewayBaseUrl as ht, markAuthProfileFailure as i, resolveAwsSdkEnvVarName as it, normalizeProviderId as j, isCliProvider as k, exchangeChutesCodeForTokens as l, loadShellEnvFallback as lt, suggestOAuthProfileIdForLegacyDefault as m, buildCloudflareAiGatewayModelDefinition as mt, calculateAuthProfileCooldownMs as n, requireApiKey as nt, resolveProfileUnusableUntilForDisplay as o, resolveModelAuthMode as ot, repairOAuthProfileIdMismatch as p, CLOUDFLARE_AI_GATEWAY_DEFAULT_MODEL_REF as pt, VENICE_DEFAULT_MODEL_REF as q, isProfileInCooldown as r, resolveApiKeyForProvider as rt, resolveApiKeyForProfile as s, getShellEnvAppliedKeys as st, resolveAuthProfileOrder as t, getCustomProviderApiKey as tt, generateChutesPkce as u, resolveShellEnvFallbackTimeoutMs as ut, upsertAuthProfile as v, DEFAULT_PROVIDER as vt, resolveAuthStorePathForDisplay as w, saveAuthProfileStore as x, CODEX_CLI_PROFILE_ID as xt, ensureAuthProfileStore as y, resolveAuthProfileDisplayLabel as yt, XIAOMI_DEFAULT_MODEL_ID as z };
+//#region src/agents/auth-profiles.ts
+var auth_profiles_exports = /* @__PURE__ */ __exportAll({ ensureAuthProfileStore: () => ensureAuthProfileStore });
+
+//#endregion
+export { getApiKeyForModel as $, parseModelRef as A, normalizeGoogleModelId as B, buildAllowedModelSet as C, isCliProvider as D, getModelRefStatus as E, resolveHooksGmailModel as F, VENICE_BASE_URL as G, resolveImplicitBedrockProvider as H, resolveModelRefFromString as I, buildVeniceModelDefinition as J, VENICE_DEFAULT_MODEL_REF as K, resolveThinkingDefault as L, resolveAllowlistModelKey as M, resolveConfiguredModelRef as N, modelKey as O, resolveDefaultModelForAgent as P, buildSyntheticModelDefinition as Q, XIAOMI_DEFAULT_MODEL_ID as R, resolveOpenClawAgentDir as S, buildModelAliasIndex as T, resolveImplicitCopilotProvider as U, normalizeProviders as V, resolveImplicitProviders as W, SYNTHETIC_DEFAULT_MODEL_REF as X, SYNTHETIC_BASE_URL as Y, SYNTHETIC_MODEL_CATALOG as Z, ensureAuthProfileStore as _, DEFAULT_PROVIDER as _t, markAuthProfileUsed as a, resolveModelAuthMode as at, resolveAuthStorePath as b, CODEX_CLI_PROFILE_ID as bt, CHUTES_AUTHORIZE_ENDPOINT as c, loadShellEnvFallback as ct, parseOAuthCallbackInput as d, shouldEnableShellEnvFallback as dt, getCustomProviderApiKey as et, repairOAuthProfileIdMismatch as f, CLOUDFLARE_AI_GATEWAY_DEFAULT_MODEL_REF as ft, upsertAuthProfile as g, DEFAULT_MODEL as gt, setAuthProfileOrder as h, DEFAULT_CONTEXT_TOKENS as ht, markAuthProfileFailure as i, resolveEnvApiKey as it, resolveAllowedModelRef as j, normalizeProviderId as k, exchangeChutesCodeForTokens as l, resolveShellEnvFallbackTimeoutMs as lt, markAuthProfileGood as m, resolveCloudflareAiGatewayBaseUrl as mt, resolveAuthProfileOrder as n, resolveApiKeyForProvider as nt, resolveProfileUnusableUntilForDisplay as o, getShellEnvAppliedKeys as ot, listProfilesForProvider as p, buildCloudflareAiGatewayModelDefinition as pt, VENICE_MODEL_CATALOG as q, isProfileInCooldown as r, resolveAwsSdkEnvVarName as rt, resolveApiKeyForProfile as s, getShellPathFromLoginShell as st, auth_profiles_exports as t, requireApiKey as tt, generateChutesPkce as u, shouldDeferShellEnvFallback as ut, loadAuthProfileStore as v, resolveAuthProfileDisplayLabel as vt, buildConfiguredAllowlistKeys as w, resolveAuthStorePathForDisplay as x, updateAuthProfileStoreWithLock as y, CLAUDE_CLI_PROFILE_ID as yt, buildXiaomiProvider as z };

package/dist/build-info.json

@@ -1,5 +1,5 @@
 {
-  "version": "2026.2.4",
+  "version": "2026.2.5",
   "commit": null,
-  "builtAt": "2026-02-04T12:21:23.568Z"
+  "builtAt": "2026-02-06T09:28:05.538Z"
 }