@token-security/clawdit 0.1.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Token Security
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,197 @@
+<p align="center">
+  <img src="./assets/logo.png" alt="clawdit" width="400">
+</p>
+
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE)
+[![Node.js](https://img.shields.io/badge/node-%3E%3D18-brightgreen.svg)](package.json)
+[![GitHub stars](https://img.shields.io/github/stars/token-security/clawdit?style=social)](https://github.com/token-security/clawdit)
+
+> Security audit tool for OpenClaw configurations. Find misconfigurations before attackers do.
+
+## Features
+
+- **Auto-discovery** - Finds config files in standard locations
+- **35 security checks** - Across 8 categories (network, auth, execution, secrets, and more)
+- **CI/CD ready** - JSON output with structured exit codes
+- **Stdin support** - Pipe configs directly for scripting
+- **Zero config** - Works out of the box
+
+## Demo
+
+<!-- PLACEHOLDER: Add a terminal GIF or screenshot showing clawdit in action -->
+<!-- Tools like asciinema, terminalizer, or vhs can record terminal sessions -->
+<!-- Example: ![clawdit demo](./assets/demo.gif) -->
+
+```bash
+$ clawdit
+clawdit v0.1.0
+
+Scanning: /home/user/.openclaw/openclaw.json
+
+ HIGH  NET-001  Gateway binding to 0.0.0.0 exposes service to all interfaces
+ HIGH  AUTH-002 No authentication configured for gateway
+ MED   SEC-003  Config file has overly permissive permissions (0644)
+
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+Summary: 2 HIGH, 1 MEDIUM, 0 LOW (35 checks run)
+```
+
+## Quick Start
+
+### Installation
+
+```bash
+npm install -g @token-security/clawdit
+```
+
+Or from source:
+```bash
+git clone https://github.com/token-security/clawdit.git
+cd clawdit && npm install && npm run build
+npm install -g .
+```
+
+### Uninstall
+
+```bash
+npm uninstall -g @token-security/clawdit
+```
+
+### Usage
+
+```bash
+clawdit                          # Auto-discover config and audit
+clawdit /path/to/config.json     # Audit specific file
+clawdit -                        # Read from stdin
+clawdit --format=json            # JSON output (default when piped)
+clawdit --list-checks            # List all security checks
+clawdit --severity=high          # Only show HIGH findings
+clawdit --help                   # Full options
+```
+
+## Security Checks
+
+### Network (NET)
+
+| ID | Severity | Description |
+|----|----------|-------------|
+| NET-001 | HIGH | Gateway bound to all interfaces |
+| NET-002 | MEDIUM | Non-default gateway port |
+| NET-003 | LOW | Gateway bound to tailnet without token auth |
+
+### Authentication (AUTH)
+
+| ID | Severity | Description |
+|----|----------|-------------|
+| AUTH-001 | HIGH | Device authentication disabled |
+| AUTH-002 | HIGH | Insecure auth fallback enabled |
+| AUTH-003 | HIGH | No gateway authentication configured |
+| AUTH-004 | MEDIUM | Trusted proxies includes non-private IPs |
+| AUTH-005 | MEDIUM | Hooks token not configured |
+| AUTH-006 | MEDIUM | Node pairing credentials exposed |
+| AUTH-007 | LOW | Missing trusted proxies configuration |
+
+### Execution (EXEC)
+
+| ID | Severity | Description |
+|----|----------|-------------|
+| EXEC-001 | HIGH | Exec security set to full |
+| EXEC-002 | HIGH | Sandbox disabled for all sessions |
+| EXEC-003 | HIGH | Elevated mode enabled without restrictions |
+| EXEC-004 | MEDIUM | Exec approval fallback not set to deny |
+| EXEC-005 | MEDIUM | Sandbox only protects non-main sessions |
+| EXEC-006 | HIGH | Sandbox scope enables cross-agent access |
+| EXEC-007 | MEDIUM | Workspace access too permissive |
+
+### Secrets (SEC)
+
+| ID | Severity | Description |
+|----|----------|-------------|
+| SEC-001 | HIGH | API keys hardcoded in config |
+| SEC-002 | HIGH | Configuration file is world-readable |
+| SEC-003 | HIGH | Credentials directory exposed |
+| SEC-004 | MEDIUM | .env file is readable by other users |
+| SEC-005 | MEDIUM | Session transcripts exposed |
+| SEC-006 | LOW | Log redaction disabled |
+| SEC-007 | LOW | No custom redact patterns |
+| SEC-008 | MEDIUM | State directory has insecure permissions |
+
+### Discovery (DISC)
+
+| ID | Severity | Description |
+|----|----------|-------------|
+| DISC-001 | MEDIUM | mDNS full mode exposes system info |
+| DISC-002 | LOW | mDNS enabled (information disclosure) |
+
+### Channels (CHAN)
+
+| ID | Severity | Description |
+|----|----------|-------------|
+| CHAN-001 | HIGH | Open DM policy without allowlist |
+| CHAN-002 | MEDIUM | Group policy not set to allowlist |
+| CHAN-003 | LOW | Require mention disabled in groups |
+| CHAN-004 | MEDIUM | DM session isolation disabled |
+| CHAN-005 | LOW | Verbose/reasoning enabled in groups |
+
+### Model (MODEL)
+
+| ID | Severity | Description |
+|----|----------|-------------|
+| MODEL-001 | LOW | Weak model with tools enabled |
+
+### Plugins (PLUG)
+
+| ID | Severity | Description |
+|----|----------|-------------|
+| PLUG-001 | MEDIUM | Plugins without explicit allowlist |
+| PLUG-002 | MEDIUM | Plugin directory permissions exposed |
+
+## Scripting
+
+```bash
+# Check exit code in scripts
+clawdit config.json && echo "All clear" || echo "Issues found: $?"
+
+# Parse JSON output
+clawdit --format=json | jq '.findings[] | {id, severity, name}'
+
+# Pipe config from another command
+cat config.json | clawdit -
+```
+
+## Exit Codes
+
+| Code | Meaning |
+|------|---------|
+| 0 | All checks passed |
+| 1 | HIGH severity findings |
+| 2 | MEDIUM severity findings |
+| 3 | LOW severity findings |
+| 10+ | Configuration/runtime errors |
+
+## Versioning
+
+This project follows [Semantic Versioning](https://semver.org/):
+
+| Version Bump | When to Use | Example |
+|--------------|-------------|---------|
+| **MAJOR** (x.0.0) | Breaking changes: removed checks, changed exit codes, incompatible CLI flags | 1.0.0 → 2.0.0 |
+| **MINOR** (0.x.0) | New features: new checks, new output formats, new CLI options | 0.1.0 → 0.2.0 |
+| **PATCH** (0.0.x) | Bug fixes: fixed false positives, documentation updates | 0.1.0 → 0.1.1 |
+
+To release a new version:
+```bash
+npm version patch|minor|major
+git push --follow-tags
+npm publish --access public
+```
+
+## Contributing
+
+PRs welcome! Please run `npm test` before submitting.
+
+See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines and [CLAUDE.md](CLAUDE.md) for architecture details.
+
+## License
+
+[MIT](LICENSE) - Token Security

package/dist/checks/auth-001-device-auth-disabled.d.ts

@@ -0,0 +1,10 @@
+/**
+ * AUTH-001: Device authentication disabled
+ *
+ * Detects when device authentication is explicitly disabled, allowing
+ * unauthorized control of the gateway.
+ */
+import type { Check } from './types.js';
+declare const check: Check;
+export default check;
+//# sourceMappingURL=auth-001-device-auth-disabled.d.ts.map

package/dist/checks/auth-001-device-auth-disabled.js

@@ -0,0 +1,34 @@
+/**
+ * AUTH-001: Device authentication disabled
+ *
+ * Detects when device authentication is explicitly disabled, allowing
+ * unauthorized control of the gateway.
+ */
+import { getValueAtPath } from '../utils.js';
+const check = {
+    id: 'AUTH-001',
+    severity: 'HIGH',
+    name: 'Device authentication disabled',
+    execute(ctx) {
+        const disabled = getValueAtPath(ctx.config, 'gateway.controlUi.dangerouslyDisableDeviceAuth');
+        if (disabled === true) {
+            return [{
+                    id: 'AUTH-001',
+                    severity: 'HIGH',
+                    name: 'Device authentication disabled',
+                    location: { file: ctx.configPath, path: 'gateway.controlUi.dangerouslyDisableDeviceAuth' },
+                    currentValue: true,
+                    expectedValue: 'false (or not set)',
+                    risk: 'Attackers can bypass device identity verification, enabling unauthorized control of the gateway from any paired client.',
+                    fix: {
+                        description: 'Remove or set to false in config',
+                        command: `jq 'del(.gateway.controlUi.dangerouslyDisableDeviceAuth)' ${ctx.configPath} > tmp.json && mv tmp.json ${ctx.configPath}`,
+                    },
+                    references: ['https://docs.openclaw.ai/gateway/security#device-authentication'],
+                }];
+        }
+        return [];
+    },
+};
+export default check;
+//# sourceMappingURL=auth-001-device-auth-disabled.js.map

package/dist/checks/auth-002-insecure-fallback.d.ts

@@ -0,0 +1,10 @@
+/**
+ * AUTH-002: Insecure auth fallback enabled
+ *
+ * Detects when insecure authentication fallback is enabled, allowing
+ * authentication to be bypassed.
+ */
+import type { Check } from './types.js';
+declare const check: Check;
+export default check;
+//# sourceMappingURL=auth-002-insecure-fallback.d.ts.map

package/dist/checks/auth-002-insecure-fallback.js

@@ -0,0 +1,34 @@
+/**
+ * AUTH-002: Insecure auth fallback enabled
+ *
+ * Detects when insecure authentication fallback is enabled, allowing
+ * authentication to be bypassed.
+ */
+import { getValueAtPath } from '../utils.js';
+const check = {
+    id: 'AUTH-002',
+    severity: 'HIGH',
+    name: 'Insecure auth fallback enabled',
+    execute(ctx) {
+        const insecure = getValueAtPath(ctx.config, 'gateway.controlUi.allowInsecureAuth');
+        if (insecure === true) {
+            return [{
+                    id: 'AUTH-002',
+                    severity: 'HIGH',
+                    name: 'Insecure auth fallback enabled',
+                    location: { file: ctx.configPath, path: 'gateway.controlUi.allowInsecureAuth' },
+                    currentValue: true,
+                    expectedValue: 'false (or not set)',
+                    risk: 'Authentication can be bypassed using insecure fallback mechanisms, allowing unauthorized access.',
+                    fix: {
+                        description: 'Remove or set to false in config',
+                        command: `jq 'del(.gateway.controlUi.allowInsecureAuth)' ${ctx.configPath} > tmp.json && mv tmp.json ${ctx.configPath}`,
+                    },
+                    references: ['https://docs.openclaw.ai/gateway/security#authentication'],
+                }];
+        }
+        return [];
+    },
+};
+export default check;
+//# sourceMappingURL=auth-002-insecure-fallback.js.map

package/dist/checks/auth-003-no-gateway-auth.d.ts

@@ -0,0 +1,10 @@
+/**
+ * AUTH-003: No gateway authentication configured
+ *
+ * Detects when the gateway is network-accessible but has no authentication
+ * configured, allowing anyone to control it.
+ */
+import type { Check } from './types.js';
+declare const check: Check;
+export default check;
+//# sourceMappingURL=auth-003-no-gateway-auth.d.ts.map

package/dist/checks/auth-003-no-gateway-auth.js

@@ -0,0 +1,40 @@
+/**
+ * AUTH-003: No gateway authentication configured
+ *
+ * Detects when the gateway is network-accessible but has no authentication
+ * configured, allowing anyone to control it.
+ */
+import { getValueAtPath, hasGatewayAuth } from '../utils.js';
+const check = {
+    id: 'AUTH-003',
+    severity: 'HIGH',
+    name: 'No gateway authentication configured',
+    execute(ctx) {
+        const bind = getValueAtPath(ctx.config, 'gateway.bind');
+        // Skip if gateway.bind is not configured (safe default)
+        if (bind === undefined)
+            return [];
+        // Only check if not bound to loopback
+        if (bind !== 'loopback' && bind !== '127.0.0.1' && bind !== 'localhost') {
+            if (!hasGatewayAuth(ctx.config)) {
+                return [{
+                        id: 'AUTH-003',
+                        severity: 'HIGH',
+                        name: 'No gateway authentication configured',
+                        location: { file: ctx.configPath, path: 'gateway.auth' },
+                        currentValue: 'not configured',
+                        expectedValue: 'gateway.auth.token or gateway.auth.password set',
+                        risk: 'The gateway is network-accessible but has no authentication configured. Anyone who can reach the gateway can control it.',
+                        fix: {
+                            description: 'Configure authentication token',
+                            command: `jq '.gateway.auth.token = "YOUR_SECRET_TOKEN"' ${ctx.configPath} > tmp.json && mv tmp.json ${ctx.configPath}`,
+                        },
+                        references: ['https://docs.openclaw.ai/gateway/security#authentication'],
+                    }];
+            }
+        }
+        return [];
+    },
+};
+export default check;
+//# sourceMappingURL=auth-003-no-gateway-auth.js.map

package/dist/checks/auth-004-public-trusted-proxies.d.ts

@@ -0,0 +1,10 @@
+/**
+ * AUTH-004: Trusted proxies includes non-private IPs
+ *
+ * Detects when the trusted proxies list contains public (non-RFC1918/RFC6598) IP addresses,
+ * which could allow IP spoofing attacks.
+ */
+import type { Check } from './types.js';
+declare const check: Check;
+export default check;
+//# sourceMappingURL=auth-004-public-trusted-proxies.d.ts.map

package/dist/checks/auth-004-public-trusted-proxies.js

@@ -0,0 +1,37 @@
+/**
+ * AUTH-004: Trusted proxies includes non-private IPs
+ *
+ * Detects when the trusted proxies list contains public (non-RFC1918/RFC6598) IP addresses,
+ * which could allow IP spoofing attacks.
+ */
+import { getValueAtPath, isPrivateIP } from '../utils.js';
+const check = {
+    id: 'AUTH-004',
+    severity: 'MEDIUM',
+    name: 'Trusted proxies includes non-private IPs',
+    execute(ctx) {
+        const trustedProxies = getValueAtPath(ctx.config, 'gateway.trustedProxies');
+        if (!Array.isArray(trustedProxies))
+            return [];
+        const publicIPs = trustedProxies.filter((ip) => typeof ip === 'string' && !isPrivateIP(ip));
+        if (publicIPs.length > 0) {
+            return [{
+                    id: 'AUTH-004',
+                    severity: 'MEDIUM',
+                    name: 'Trusted proxies includes non-private IPs',
+                    location: { file: ctx.configPath, path: 'gateway.trustedProxies' },
+                    currentValue: publicIPs.join(', '),
+                    expectedValue: 'Only private IPs (RFC1918/RFC6598)',
+                    risk: `Public IP addresses in trusted proxies can be spoofed. Attackers could manipulate X-Forwarded-For headers to bypass IP-based access controls.`,
+                    fix: {
+                        description: 'Remove public IPs from trusted proxies',
+                        command: `jq '.gateway.trustedProxies = [.gateway.trustedProxies[] | select(. | test("^(10\\\\.|172\\\\.(1[6-9]|2[0-9]|3[01])\\\\.|192\\\\.168\\\\.|127\\\\.|100\\\\.(6[4-9]|[7-9][0-9]|1[01][0-9]|12[0-7])\\\\.)") or . == "loopback" or . == "localhost")]' ${ctx.configPath} > tmp.json && mv tmp.json ${ctx.configPath}`,
+                    },
+                    references: ['https://docs.openclaw.ai/gateway/security#trusted-proxies'],
+                }];
+        }
+        return [];
+    },
+};
+export default check;
+//# sourceMappingURL=auth-004-public-trusted-proxies.js.map

package/dist/checks/auth-005-hooks-no-token.d.ts

@@ -0,0 +1,10 @@
+/**
+ * AUTH-005: Hooks token not configured
+ *
+ * Detects when hooks are enabled but no authentication token is configured,
+ * allowing unauthenticated webhook requests.
+ */
+import type { Check } from './types.js';
+declare const check: Check;
+export default check;
+//# sourceMappingURL=auth-005-hooks-no-token.d.ts.map

package/dist/checks/auth-005-hooks-no-token.js

@@ -0,0 +1,42 @@
+/**
+ * AUTH-005: Hooks token not configured
+ *
+ * Detects when hooks are enabled but no authentication token is configured,
+ * allowing unauthenticated webhook requests.
+ */
+import { getValueAtPath } from '../utils.js';
+const check = {
+    id: 'AUTH-005',
+    severity: 'MEDIUM',
+    name: 'Hooks token not configured',
+    execute(ctx) {
+        const hooks = getValueAtPath(ctx.config, 'hooks');
+        if (!hooks || typeof hooks !== 'object')
+            return [];
+        const hooksConfig = hooks;
+        const enabled = hooksConfig.enabled;
+        const token = hooksConfig.token;
+        // Check if hooks are enabled (explicit or implicit via having hook definitions)
+        const hasHookDefinitions = Object.keys(hooksConfig).some(key => key !== 'enabled' && key !== 'token' && typeof hooksConfig[key] === 'object');
+        const hooksEnabled = enabled === true || (enabled !== false && hasHookDefinitions);
+        if (hooksEnabled && (!token || (typeof token === 'string' && token.length === 0))) {
+            return [{
+                    id: 'AUTH-005',
+                    severity: 'MEDIUM',
+                    name: 'Hooks token not configured',
+                    location: { file: ctx.configPath, path: 'hooks.token' },
+                    currentValue: token ?? 'not set',
+                    expectedValue: 'A secure token string',
+                    risk: 'Hooks are enabled without authentication. Attackers who discover the webhook endpoint can trigger arbitrary hook events.',
+                    fix: {
+                        description: 'Configure a secure token for webhook authentication',
+                        command: `jq '.hooks.token = "your-secure-webhook-token"' ${ctx.configPath} > tmp.json && mv tmp.json ${ctx.configPath}`,
+                    },
+                    references: ['https://docs.openclaw.ai/hooks/security#authentication'],
+                }];
+        }
+        return [];
+    },
+};
+export default check;
+//# sourceMappingURL=auth-005-hooks-no-token.js.map

package/dist/checks/auth-006-pairing-exposed.d.ts

@@ -0,0 +1,10 @@
+/**
+ * AUTH-006: Node pairing credentials exposed
+ *
+ * Detects when ~/.openclaw/nodes/paired.json has permissions other than 600,
+ * potentially exposing node pairing credentials to other users.
+ */
+import type { Check } from './types.js';
+declare const check: Check;
+export default check;
+//# sourceMappingURL=auth-006-pairing-exposed.d.ts.map

package/dist/checks/auth-006-pairing-exposed.js

@@ -0,0 +1,46 @@
+/**
+ * AUTH-006: Node pairing credentials exposed
+ *
+ * Detects when ~/.openclaw/nodes/paired.json has permissions other than 600,
+ * potentially exposing node pairing credentials to other users.
+ */
+import { getFileMode, formatMode } from '../utils.js';
+import { homedir } from 'node:os';
+import { join } from 'node:path';
+import { existsSync } from 'node:fs';
+const check = {
+    id: 'AUTH-006',
+    severity: 'MEDIUM',
+    name: 'Node pairing credentials exposed',
+    execute(ctx) {
+        const pairedPath = join(homedir(), '.openclaw', 'nodes', 'paired.json');
+        // Skip if file doesn't exist
+        if (!existsSync(pairedPath))
+            return [];
+        const mode = getFileMode(pairedPath);
+        // Skip on Windows
+        if (mode === null)
+            return [];
+        // Check if group or other has any permissions
+        const groupOther = mode & 0o077;
+        if (groupOther > 0) {
+            return [{
+                    id: 'AUTH-006',
+                    severity: 'MEDIUM',
+                    name: 'Node pairing credentials exposed',
+                    location: { file: pairedPath, path: null },
+                    currentValue: formatMode(mode),
+                    expectedValue: '600',
+                    risk: 'Node pairing credentials are readable by other users on the system. An attacker could use these credentials to impersonate paired nodes.',
+                    fix: {
+                        description: 'Restrict file permissions',
+                        command: `chmod 600 ${pairedPath}`,
+                    },
+                    references: ['https://docs.openclaw.ai/nodes/security#pairing-credentials'],
+                }];
+        }
+        return [];
+    },
+};
+export default check;
+//# sourceMappingURL=auth-006-pairing-exposed.js.map

package/dist/checks/auth-007-missing-trusted-proxies.d.ts

@@ -0,0 +1,11 @@
+/**
+ * AUTH-007: Missing trusted proxies configuration
+ *
+ * Detects when gateway is bound to loopback but trustedProxies is not configured.
+ * This is a low-severity informational check because it only matters if the
+ * service is exposed through a reverse proxy.
+ */
+import type { Check } from './types.js';
+declare const check: Check;
+export default check;
+//# sourceMappingURL=auth-007-missing-trusted-proxies.d.ts.map

package/dist/checks/auth-007-missing-trusted-proxies.js

@@ -0,0 +1,46 @@
+/**
+ * AUTH-007: Missing trusted proxies configuration
+ *
+ * Detects when gateway is bound to loopback but trustedProxies is not configured.
+ * This is a low-severity informational check because it only matters if the
+ * service is exposed through a reverse proxy.
+ */
+import { getValueAtPath } from '../utils.js';
+const check = {
+    id: 'AUTH-007',
+    severity: 'LOW',
+    name: 'Missing trusted proxies configuration',
+    execute(ctx) {
+        const bind = getValueAtPath(ctx.config, 'gateway.bind');
+        const trustedProxies = getValueAtPath(ctx.config, 'gateway.trustedProxies');
+        // Check if binding is loopback (or undefined, which defaults to loopback)
+        const isLoopback = bind === 'loopback' ||
+            bind === '127.0.0.1' ||
+            bind === 'localhost' ||
+            bind === undefined;
+        // Check if trusted proxies is configured
+        const hasProxies = Array.isArray(trustedProxies) && trustedProxies.length > 0;
+        if (isLoopback && !hasProxies) {
+            return [{
+                    id: 'AUTH-007',
+                    severity: 'LOW',
+                    name: 'Missing trusted proxies configuration',
+                    location: {
+                        file: ctx.configPath,
+                        path: 'gateway.trustedProxies',
+                    },
+                    currentValue: trustedProxies ?? '(not set)',
+                    expectedValue: 'Array of trusted proxy IPs (if using reverse proxy)',
+                    risk: 'If the Control UI is exposed through a reverse proxy without configuring trusted proxies, local-client checks can be spoofed via X-Forwarded-For headers.',
+                    fix: {
+                        description: 'Configure trusted proxy IPs if using a reverse proxy',
+                        command: `jq '.gateway.trustedProxies = ["127.0.0.1"]' ${ctx.configPath} > tmp.json && mv tmp.json ${ctx.configPath}`,
+                    },
+                    references: [],
+                }];
+        }
+        return [];
+    },
+};
+export default check;
+//# sourceMappingURL=auth-007-missing-trusted-proxies.js.map

package/dist/checks/chan-001-open-dm.d.ts

@@ -0,0 +1,10 @@
+/**
+ * CHAN-001: Open DM policy without allowlist
+ *
+ * Detects when a channel has open DM policy without a specific allowlist,
+ * allowing anyone to send direct messages to the bot.
+ */
+import type { Check } from './types.js';
+declare const check: Check;
+export default check;
+//# sourceMappingURL=chan-001-open-dm.d.ts.map

package/dist/checks/chan-001-open-dm.js

@@ -0,0 +1,48 @@
+/**
+ * CHAN-001: Open DM policy without allowlist
+ *
+ * Detects when a channel has open DM policy without a specific allowlist,
+ * allowing anyone to send direct messages to the bot.
+ */
+import { getValueAtPath } from '../utils.js';
+const check = {
+    id: 'CHAN-001',
+    severity: 'HIGH',
+    name: 'Open DM policy without allowlist',
+    execute(ctx) {
+        const findings = [];
+        const channels = getValueAtPath(ctx.config, 'channels');
+        if (!channels || typeof channels !== 'object')
+            return [];
+        for (const [channelName, channelConfig] of Object.entries(channels)) {
+            if (!channelConfig || typeof channelConfig !== 'object')
+                continue;
+            const dmPolicy = channelConfig.dmPolicy;
+            const allowFrom = channelConfig.allowFrom;
+            if (dmPolicy === 'open') {
+                const hasAllowlist = Array.isArray(allowFrom) &&
+                    allowFrom.length > 0 &&
+                    !allowFrom.includes('*');
+                if (!hasAllowlist) {
+                    findings.push({
+                        id: 'CHAN-001',
+                        severity: 'HIGH',
+                        name: 'Open DM policy without allowlist',
+                        location: { file: ctx.configPath, path: `channels.${channelName}.dmPolicy` },
+                        currentValue: `dmPolicy: open, allowFrom: ${allowFrom ? JSON.stringify(allowFrom) : 'not set'}`,
+                        expectedValue: 'dmPolicy: allowlist OR allowFrom with specific users',
+                        risk: `Channel "${channelName}" accepts DMs from anyone. Attackers can send malicious prompts directly to the bot.`,
+                        fix: {
+                            description: 'Configure allowlist for DM policy',
+                            command: `jq '.channels["${channelName}"].dmPolicy = "allowlist"' ${ctx.configPath} > tmp.json && mv tmp.json ${ctx.configPath}`,
+                        },
+                        references: ['https://docs.openclaw.ai/channels/security#dm-policy'],
+                    });
+                }
+            }
+        }
+        return findings;
+    },
+};
+export default check;
+//# sourceMappingURL=chan-001-open-dm.js.map

package/dist/checks/chan-002-group-policy.d.ts

@@ -0,0 +1,10 @@
+/**
+ * CHAN-002: Group policy not set to allowlist
+ *
+ * Detects when a channel's groupPolicy is not set to 'allowlist',
+ * potentially allowing messages from unauthorized groups.
+ */
+import type { Check } from './types.js';
+declare const check: Check;
+export default check;
+//# sourceMappingURL=chan-002-group-policy.d.ts.map