@token-security/clawdit 0.1.0

package/dist/checks/exec-007-workspace-rw.js

@@ -0,0 +1,34 @@
+/**
+ * EXEC-007: Workspace access too permissive
+ *
+ * Detects when workspaceAccess is set to 'rw' (read-write),
+ * giving agents full write access to the workspace.
+ */
+import { getValueAtPath } from '../utils.js';
+const check = {
+    id: 'EXEC-007',
+    severity: 'MEDIUM',
+    name: 'Workspace access too permissive',
+    execute(ctx) {
+        const workspaceAccess = getValueAtPath(ctx.config, 'workspaceAccess');
+        if (workspaceAccess === 'rw') {
+            return [{
+                    id: 'EXEC-007',
+                    severity: 'MEDIUM',
+                    name: 'Workspace access too permissive',
+                    location: { file: ctx.configPath, path: 'workspaceAccess' },
+                    currentValue: workspaceAccess,
+                    expectedValue: 'ro (read-only) or not set',
+                    risk: 'Agents have read-write access to the workspace. A compromised or misbehaving agent could modify or delete files in the workspace.',
+                    fix: {
+                        description: 'Set workspace access to read-only',
+                        command: `jq '.workspaceAccess = "ro"' ${ctx.configPath} > tmp.json && mv tmp.json ${ctx.configPath}`,
+                    },
+                    references: ['https://docs.openclaw.ai/workspace/security#access-modes'],
+                }];
+        }
+        return [];
+    },
+};
+export default check;
+//# sourceMappingURL=exec-007-workspace-rw.js.map

package/dist/checks/index.d.ts

@@ -0,0 +1,16 @@
+/**
+ * Security checks index
+ *
+ * Exports all security checks for use by the runner.
+ * Checks are imported from individual files for modularity.
+ */
+import type { Check } from './types.js';
+export type { Check, Finding, CheckContext, Severity, Location, Fix, Summary, AuditResult } from './types.js';
+export { runChecks, getExitCode, type RunChecksOptions } from './runner.js';
+export { loadChecks, loadChecksWithErrors, discoverCheckFiles } from './loader.js';
+export { validateCheck, validateCheckId, validateFilename, assertValidCheck, VALID_CATEGORIES, VALID_SEVERITIES, type ValidationError, type ValidationResult, } from './schema.js';
+/**
+ * All security checks, sorted by ID
+ */
+export declare const checks: Check[];
+//# sourceMappingURL=index.d.ts.map

package/dist/checks/index.js

@@ -0,0 +1,94 @@
+/**
+ * Security checks index
+ *
+ * Exports all security checks for use by the runner.
+ * Checks are imported from individual files for modularity.
+ */
+export { runChecks, getExitCode } from './runner.js';
+export { loadChecks, loadChecksWithErrors, discoverCheckFiles } from './loader.js';
+export { validateCheck, validateCheckId, validateFilename, assertValidCheck, VALID_CATEGORIES, VALID_SEVERITIES, } from './schema.js';
+// Import individual checks
+import net001 from './net-001-gateway-binding.js';
+import net002 from './net-002-default-port.js';
+import net003 from './net-003-tailnet-no-token.js';
+import auth001 from './auth-001-device-auth-disabled.js';
+import auth002 from './auth-002-insecure-fallback.js';
+import auth003 from './auth-003-no-gateway-auth.js';
+import auth004 from './auth-004-public-trusted-proxies.js';
+import auth005 from './auth-005-hooks-no-token.js';
+import auth006 from './auth-006-pairing-exposed.js';
+import auth007 from './auth-007-missing-trusted-proxies.js';
+import exec001 from './exec-001-full-security.js';
+import exec002 from './exec-002-sandbox-disabled.js';
+import exec003 from './exec-003-elevated-unrestricted.js';
+import exec004 from './exec-004-approval-fallback.js';
+import exec005 from './exec-005-sandbox-non-main.js';
+import exec006 from './exec-006-cross-agent-sandbox.js';
+import exec007 from './exec-007-workspace-rw.js';
+import sec001 from './sec-001-hardcoded-keys.js';
+import sec002 from './sec-002-world-readable-config.js';
+import sec003 from './sec-003-credentials-exposed.js';
+import sec004 from './sec-004-env-readable.js';
+import sec005 from './sec-005-transcripts-exposed.js';
+import sec006 from './sec-006-redaction-disabled.js';
+import sec007 from './sec-007-no-redact-patterns.js';
+import sec008 from './sec-008-state-dir-permissions.js';
+import disc001 from './disc-001-mdns-full.js';
+import disc002 from './disc-002-mdns-enabled.js';
+import chan001 from './chan-001-open-dm.js';
+import chan002 from './chan-002-group-policy.js';
+import chan003 from './chan-003-no-mention.js';
+import chan004 from './chan-004-dm-isolation.js';
+import chan005 from './chan-005-verbose-groups.js';
+import model001 from './model-001-weak-model-tools.js';
+import plug001 from './plug-001-no-allowlist.js';
+import plug002 from './plug-002-extensions-exposed.js';
+/**
+ * All security checks, sorted by ID
+ */
+export const checks = [
+    // Network checks
+    net001,
+    net002,
+    net003,
+    // Authentication checks
+    auth001,
+    auth002,
+    auth003,
+    auth004,
+    auth005,
+    auth006,
+    auth007,
+    // Execution security checks
+    exec001,
+    exec002,
+    exec003,
+    exec004,
+    exec005,
+    exec006,
+    exec007,
+    // Secrets and credentials checks
+    sec001,
+    sec002,
+    sec003,
+    sec004,
+    sec005,
+    sec006,
+    sec007,
+    sec008,
+    // Discovery checks
+    disc001,
+    disc002,
+    // Channel checks
+    chan001,
+    chan002,
+    chan003,
+    chan004,
+    chan005,
+    // Model checks
+    model001,
+    // Plugin checks
+    plug001,
+    plug002,
+];
+//# sourceMappingURL=index.js.map

package/dist/checks/loader.d.ts

@@ -0,0 +1,38 @@
+/**
+ * Check auto-discovery and loading
+ *
+ * Discovers all check files matching the pattern {category}-{nnn}-{desc}.ts
+ * and loads them as Check objects. Validates each check using the schema.
+ */
+import type { Check } from './types.js';
+/**
+ * Discover all check files in the checks directory
+ * Returns filenames sorted alphabetically
+ */
+export declare function discoverCheckFiles(): string[];
+/**
+ * Sort checks by category and number
+ */
+export declare function sortChecks(checks: Check[]): Check[];
+/**
+ * Load all checks from the checks directory
+ *
+ * This is the async version that dynamically imports check files.
+ * For sync usage, import checks directly from index.ts.
+ *
+ * @returns Array of validated Check objects, sorted by ID
+ */
+export declare function loadChecks(): Promise<Check[]>;
+/**
+ * Load checks with detailed error reporting
+ *
+ * @returns Object with loaded checks and any errors encountered
+ */
+export declare function loadChecksWithErrors(): Promise<{
+    checks: Check[];
+    errors: Array<{
+        file: string;
+        error: string;
+    }>;
+}>;
+//# sourceMappingURL=loader.d.ts.map

package/dist/checks/loader.js

@@ -0,0 +1,149 @@
+/**
+ * Check auto-discovery and loading
+ *
+ * Discovers all check files matching the pattern {category}-{nnn}-{desc}.ts
+ * and loads them as Check objects. Validates each check using the schema.
+ */
+import { readdirSync } from 'node:fs';
+import { dirname, join } from 'node:path';
+import { fileURLToPath } from 'node:url';
+import { assertValidCheck, getCategoryFromId, getNumberFromId } from './schema.js';
+/**
+ * Pattern for check files: category-number-description.ts
+ * Examples: net-001-gateway-binding.ts, auth-002-insecure-fallback.ts
+ */
+const CHECK_FILE_PATTERN = /^([a-z]+)-(\d{3})-[a-z0-9-]+\.ts$/;
+/**
+ * Files to exclude from check discovery
+ */
+const EXCLUDE_FILES = [
+    'index.ts',
+    'types.ts',
+    'runner.ts',
+    'loader.ts',
+    'schema.ts',
+    '_template.ts',
+];
+/**
+ * File patterns to exclude (tests, templates)
+ */
+const EXCLUDE_PATTERNS = [
+    /\.test\.ts$/, // Test files
+    /^_/, // Files starting with underscore
+];
+/**
+ * Check if a filename should be excluded from loading
+ */
+function shouldExclude(filename) {
+    if (EXCLUDE_FILES.includes(filename))
+        return true;
+    for (const pattern of EXCLUDE_PATTERNS) {
+        if (pattern.test(filename))
+            return true;
+    }
+    return false;
+}
+/**
+ * Check if a filename matches the check file pattern
+ */
+function isCheckFile(filename) {
+    if (shouldExclude(filename))
+        return false;
+    return CHECK_FILE_PATTERN.test(filename);
+}
+/**
+ * Get the directory where checks are located
+ */
+function getChecksDir() {
+    const __filename = fileURLToPath(import.meta.url);
+    return dirname(__filename);
+}
+/**
+ * Discover all check files in the checks directory
+ * Returns filenames sorted alphabetically
+ */
+export function discoverCheckFiles() {
+    const checksDir = getChecksDir();
+    try {
+        const files = readdirSync(checksDir);
+        return files
+            .filter(isCheckFile)
+            .sort((a, b) => a.localeCompare(b));
+    }
+    catch {
+        return [];
+    }
+}
+/**
+ * Sort checks by category and number
+ */
+export function sortChecks(checks) {
+    return [...checks].sort((a, b) => {
+        const catA = getCategoryFromId(a.id) ?? '';
+        const catB = getCategoryFromId(b.id) ?? '';
+        if (catA !== catB)
+            return catA.localeCompare(catB);
+        const numA = getNumberFromId(a.id) ?? '';
+        const numB = getNumberFromId(b.id) ?? '';
+        return numA.localeCompare(numB);
+    });
+}
+/**
+ * Load a single check from a file
+ */
+async function loadCheckFile(filename) {
+    const checksDir = getChecksDir();
+    const filePath = join(checksDir, filename);
+    // Import expects .js extension for compiled files
+    const jsPath = filePath.replace(/\.ts$/, '.js');
+    try {
+        const module = await import(jsPath);
+        const check = module.default;
+        // Validate the loaded check
+        assertValidCheck(check, filename);
+        return check;
+    }
+    catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        throw new Error(`Failed to load check from ${filename}: ${message}`);
+    }
+}
+/**
+ * Load all checks from the checks directory
+ *
+ * This is the async version that dynamically imports check files.
+ * For sync usage, import checks directly from index.ts.
+ *
+ * @returns Array of validated Check objects, sorted by ID
+ */
+export async function loadChecks() {
+    const files = discoverCheckFiles();
+    const checks = [];
+    for (const file of files) {
+        const check = await loadCheckFile(file);
+        checks.push(check);
+    }
+    return sortChecks(checks);
+}
+/**
+ * Load checks with detailed error reporting
+ *
+ * @returns Object with loaded checks and any errors encountered
+ */
+export async function loadChecksWithErrors() {
+    const files = discoverCheckFiles();
+    const checks = [];
+    const errors = [];
+    for (const file of files) {
+        try {
+            const check = await loadCheckFile(file);
+            checks.push(check);
+        }
+        catch (error) {
+            const message = error instanceof Error ? error.message : String(error);
+            errors.push({ file, error: message });
+        }
+    }
+    return { checks: sortChecks(checks), errors };
+}
+//# sourceMappingURL=loader.js.map

package/dist/checks/model-001-weak-model-tools.d.ts

@@ -0,0 +1,10 @@
+/**
+ * MODEL-001: Weak model with tools enabled
+ *
+ * Detects when a weak-tier model is configured with tool execution enabled,
+ * which may not have adequate safety guardrails for tool use.
+ */
+import type { Check } from './types.js';
+declare const check: Check;
+export default check;
+//# sourceMappingURL=model-001-weak-model-tools.d.ts.map

package/dist/checks/model-001-weak-model-tools.js

@@ -0,0 +1,68 @@
+/**
+ * MODEL-001: Weak model with tools enabled
+ *
+ * Detects when a weak-tier model is configured with tool execution enabled,
+ * which may not have adequate safety guardrails for tool use.
+ */
+import { getValueAtPath } from '../utils.js';
+/**
+ * Models considered "weak tier" - smaller models with potentially
+ * less robust safety guardrails for tool use.
+ */
+const WEAK_TIER_MODELS = [
+    'claude-instant',
+    'claude-instant-1',
+    'claude-instant-1.2',
+    'gpt-3.5-turbo',
+    'gpt-3.5-turbo-16k',
+    'gpt-3.5-turbo-instruct',
+    'text-davinci-003',
+    'text-davinci-002',
+    'mistral-tiny',
+    'mistral-small',
+    'open-mistral-7b',
+    'open-mixtral-8x7b',
+    'llama-2-7b',
+    'llama-2-13b',
+    'codellama-7b',
+    'codellama-13b',
+];
+const check = {
+    id: 'MODEL-001',
+    severity: 'LOW',
+    name: 'Weak model with tools enabled',
+    execute(ctx) {
+        const model = getValueAtPath(ctx.config, 'model');
+        const toolsExec = getValueAtPath(ctx.config, 'tools.exec');
+        if (!model)
+            return [];
+        // Check if model is weak tier (case-insensitive, supports prefixes)
+        const modelLower = model.toLowerCase();
+        const isWeakModel = WEAK_TIER_MODELS.some(weak => modelLower === weak.toLowerCase() ||
+            modelLower.startsWith(weak.toLowerCase() + '-'));
+        // Check if tools.exec is enabled
+        const toolsEnabled = toolsExec !== undefined &&
+            toolsExec !== false &&
+            toolsExec !== 'off' &&
+            toolsExec !== 'disabled';
+        if (isWeakModel && toolsEnabled) {
+            return [{
+                    id: 'MODEL-001',
+                    severity: 'LOW',
+                    name: 'Weak model with tools enabled',
+                    location: { file: ctx.configPath, path: 'model' },
+                    currentValue: `model: ${model}, tools.exec: ${toolsExec}`,
+                    expectedValue: 'A stronger model (claude-3-*, gpt-4-*) when tools are enabled',
+                    risk: `Smaller models like "${model}" may have weaker safety guardrails for tool execution. This increases the risk of unintended or harmful tool invocations.`,
+                    fix: {
+                        description: 'Use a stronger model when tool execution is enabled',
+                        command: `jq '.model = "claude-3-sonnet-20240229"' ${ctx.configPath} > tmp.json && mv tmp.json ${ctx.configPath}`,
+                    },
+                    references: ['https://docs.openclaw.ai/models/security#tool-safety'],
+                }];
+        }
+        return [];
+    },
+};
+export default check;
+//# sourceMappingURL=model-001-weak-model-tools.js.map

package/dist/checks/net-001-gateway-binding.d.ts

@@ -0,0 +1,10 @@
+/**
+ * NET-001: Gateway bound to all interfaces
+ *
+ * Detects when the gateway is bound to 0.0.0.0 or lan without authentication,
+ * exposing it to any network interface.
+ */
+import type { Check } from './types.js';
+declare const check: Check;
+export default check;
+//# sourceMappingURL=net-001-gateway-binding.d.ts.map

package/dist/checks/net-001-gateway-binding.js

@@ -0,0 +1,34 @@
+/**
+ * NET-001: Gateway bound to all interfaces
+ *
+ * Detects when the gateway is bound to 0.0.0.0 or lan without authentication,
+ * exposing it to any network interface.
+ */
+import { getValueAtPath, hasGatewayAuth } from '../utils.js';
+const check = {
+    id: 'NET-001',
+    severity: 'HIGH',
+    name: 'Gateway bound to all interfaces',
+    execute(ctx) {
+        const bind = getValueAtPath(ctx.config, 'gateway.bind');
+        if ((bind === '0.0.0.0' || bind === 'lan') && !hasGatewayAuth(ctx.config)) {
+            return [{
+                    id: 'NET-001',
+                    severity: 'HIGH',
+                    name: 'Gateway bound to all interfaces',
+                    location: { file: ctx.configPath, path: 'gateway.bind' },
+                    currentValue: bind,
+                    expectedValue: 'loopback (or configure gateway.auth.token)',
+                    risk: 'The gateway is accessible from any network interface without authentication. Attackers on the same network can connect and control OpenClaw.',
+                    fix: {
+                        description: 'Bind to loopback only or configure authentication',
+                        command: `jq '.gateway.bind = "loopback"' ${ctx.configPath} > tmp.json && mv tmp.json ${ctx.configPath}`,
+                    },
+                    references: ['https://docs.openclaw.ai/gateway/security#network-binding'],
+                }];
+        }
+        return [];
+    },
+};
+export default check;
+//# sourceMappingURL=net-001-gateway-binding.js.map

package/dist/checks/net-002-default-port.d.ts

@@ -0,0 +1,10 @@
+/**
+ * NET-002: Non-default gateway port
+ *
+ * Detects when the gateway is using the default port 18789,
+ * which is well-known and makes the service easier to discover.
+ */
+import type { Check } from './types.js';
+declare const check: Check;
+export default check;
+//# sourceMappingURL=net-002-default-port.d.ts.map

package/dist/checks/net-002-default-port.js

@@ -0,0 +1,35 @@
+/**
+ * NET-002: Non-default gateway port
+ *
+ * Detects when the gateway is using the default port 18789,
+ * which is well-known and makes the service easier to discover.
+ */
+import { getValueAtPath } from '../utils.js';
+const check = {
+    id: 'NET-002',
+    severity: 'MEDIUM',
+    name: 'Non-default gateway port',
+    execute(ctx) {
+        const port = getValueAtPath(ctx.config, 'gateway.port');
+        // Default port is 18789 - flag if using default
+        if (port === 18789 || port === undefined) {
+            return [{
+                    id: 'NET-002',
+                    severity: 'MEDIUM',
+                    name: 'Non-default gateway port',
+                    location: { file: ctx.configPath, path: 'gateway.port' },
+                    currentValue: port ?? 18789,
+                    expectedValue: 'Non-default port (not 18789)',
+                    risk: 'Using the default port 18789 makes the gateway easier to discover through port scanning. Attackers commonly scan for well-known service ports.',
+                    fix: {
+                        description: 'Configure a non-default port',
+                        command: `jq '.gateway.port = 28789' ${ctx.configPath} > tmp.json && mv tmp.json ${ctx.configPath}`,
+                    },
+                    references: ['https://docs.openclaw.ai/gateway/security#port-configuration'],
+                }];
+        }
+        return [];
+    },
+};
+export default check;
+//# sourceMappingURL=net-002-default-port.js.map

package/dist/checks/net-003-tailnet-no-token.d.ts

@@ -0,0 +1,10 @@
+/**
+ * NET-003: Gateway bound to tailnet without token auth
+ *
+ * Detects when the gateway is bound to a Tailscale network (tailnet)
+ * without token authentication, relying solely on Tailscale's network security.
+ */
+import type { Check } from './types.js';
+declare const check: Check;
+export default check;
+//# sourceMappingURL=net-003-tailnet-no-token.d.ts.map

package/dist/checks/net-003-tailnet-no-token.js

@@ -0,0 +1,34 @@
+/**
+ * NET-003: Gateway bound to tailnet without token auth
+ *
+ * Detects when the gateway is bound to a Tailscale network (tailnet)
+ * without token authentication, relying solely on Tailscale's network security.
+ */
+import { getValueAtPath, hasGatewayAuth } from '../utils.js';
+const check = {
+    id: 'NET-003',
+    severity: 'LOW',
+    name: 'Gateway bound to tailnet without token auth',
+    execute(ctx) {
+        const bind = getValueAtPath(ctx.config, 'gateway.bind');
+        if (bind === 'tailnet' && !hasGatewayAuth(ctx.config)) {
+            return [{
+                    id: 'NET-003',
+                    severity: 'LOW',
+                    name: 'Gateway bound to tailnet without token auth',
+                    location: { file: ctx.configPath, path: 'gateway.bind' },
+                    currentValue: bind,
+                    expectedValue: 'tailnet with gateway.auth.token configured',
+                    risk: 'While Tailscale provides network-level security, adding token auth provides defense-in-depth. Compromised tailnet devices could access the gateway.',
+                    fix: {
+                        description: 'Configure token authentication for additional security',
+                        command: `jq '.gateway.auth.token = "your-secure-token"' ${ctx.configPath} > tmp.json && mv tmp.json ${ctx.configPath}`,
+                    },
+                    references: ['https://docs.openclaw.ai/gateway/security#tailnet'],
+                }];
+        }
+        return [];
+    },
+};
+export default check;
+//# sourceMappingURL=net-003-tailnet-no-token.js.map

package/dist/checks/plug-001-no-allowlist.d.ts

@@ -0,0 +1,10 @@
+/**
+ * PLUG-001: Plugins without explicit allowlist
+ *
+ * Detects when extensions are installed but no plugin allowlist is configured,
+ * meaning any extension in the directory will be loaded without explicit approval.
+ */
+import type { Check } from './types.js';
+declare const check: Check;
+export default check;
+//# sourceMappingURL=plug-001-no-allowlist.d.ts.map

package/dist/checks/plug-001-no-allowlist.js

@@ -0,0 +1,52 @@
+/**
+ * PLUG-001: Plugins without explicit allowlist
+ *
+ * Detects when extensions are installed but no plugin allowlist is configured,
+ * meaning any extension in the directory will be loaded without explicit approval.
+ */
+import { getValueAtPath } from '../utils.js';
+import { existsSync, readdirSync } from 'node:fs';
+import { join } from 'node:path';
+const check = {
+    id: 'PLUG-001',
+    severity: 'MEDIUM',
+    name: 'Plugins without explicit allowlist',
+    execute(ctx) {
+        const extensionsDir = join(ctx.configDir, 'extensions');
+        // Skip if extensions directory doesn't exist
+        if (!existsSync(extensionsDir))
+            return [];
+        // Check if directory has any contents
+        let hasExtensions = false;
+        try {
+            const entries = readdirSync(extensionsDir);
+            hasExtensions = entries.length > 0;
+        }
+        catch {
+            return []; // Can't read dir, skip
+        }
+        if (!hasExtensions)
+            return [];
+        // Extensions exist - check if plugins.allow is configured
+        const pluginsAllow = getValueAtPath(ctx.config, 'plugins.allow');
+        if (pluginsAllow === undefined) {
+            return [{
+                    id: 'PLUG-001',
+                    severity: 'MEDIUM',
+                    name: 'Plugins without explicit allowlist',
+                    location: { file: ctx.configPath, path: 'plugins.allow' },
+                    currentValue: 'not set',
+                    expectedValue: 'Array of allowed plugin names',
+                    risk: 'Extensions are installed but no allowlist is configured. Any extension in the directory will be loaded without explicit approval.',
+                    fix: {
+                        description: 'Configure an explicit plugin allowlist',
+                        command: `jq '.plugins.allow = ["plugin-name"]' ${ctx.configPath} > tmp.json && mv tmp.json ${ctx.configPath}`,
+                    },
+                    references: ['https://docs.openclaw.ai/plugins/security'],
+                }];
+        }
+        return [];
+    },
+};
+export default check;
+//# sourceMappingURL=plug-001-no-allowlist.js.map

package/dist/checks/plug-002-extensions-exposed.d.ts

@@ -0,0 +1,10 @@
+/**
+ * PLUG-002: Plugin directory permissions exposed
+ *
+ * Detects when the extensions directory has permissions that allow other users
+ * on the system to access it, potentially installing malicious plugins.
+ */
+import type { Check } from './types.js';
+declare const check: Check;
+export default check;
+//# sourceMappingURL=plug-002-extensions-exposed.d.ts.map

package/dist/checks/plug-002-extensions-exposed.js

@@ -0,0 +1,41 @@
+/**
+ * PLUG-002: Plugin directory permissions exposed
+ *
+ * Detects when the extensions directory has permissions that allow other users
+ * on the system to access it, potentially installing malicious plugins.
+ */
+import { getFileMode, formatMode } from '../utils.js';
+import { join } from 'node:path';
+const check = {
+    id: 'PLUG-002',
+    severity: 'MEDIUM',
+    name: 'Plugin directory permissions exposed',
+    execute(ctx) {
+        const extensionsDir = join(ctx.configDir, 'extensions');
+        const mode = getFileMode(extensionsDir);
+        // Skip on Windows or if dir doesn't exist
+        if (mode === null)
+            return [];
+        // Check if group or other has any permissions
+        const groupOther = mode & 0o077;
+        if (groupOther > 0) {
+            return [{
+                    id: 'PLUG-002',
+                    severity: 'MEDIUM',
+                    name: 'Plugin directory permissions exposed',
+                    location: { file: extensionsDir, path: null },
+                    currentValue: formatMode(mode),
+                    expectedValue: '700',
+                    risk: 'Other users on the system can access the extensions directory, potentially installing malicious plugins or modifying existing ones.',
+                    fix: {
+                        description: 'Restrict directory permissions',
+                        command: `chmod 700 ${extensionsDir}`,
+                    },
+                    references: ['https://docs.openclaw.ai/plugins/security'],
+                }];
+        }
+        return [];
+    },
+};
+export default check;
+//# sourceMappingURL=plug-002-extensions-exposed.js.map