aquaman-plugin 0.7.0 → 0.7.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +6 -1
- package/index.ts +3 -2
- package/package.json +3 -2
package/README.md
CHANGED
|
@@ -62,7 +62,12 @@ Troubleshooting: `aquaman doctor`
|
|
|
62
62
|
|
|
63
63
|
## Security Audit Note
|
|
64
64
|
|
|
65
|
-
Running `openclaw security audit --deep` will show
|
|
65
|
+
Running `openclaw security audit --deep` will show two expected findings:
|
|
66
|
+
|
|
67
|
+
- **`dangerous-exec`** on `proxy-manager.ts` — the plugin spawns the aquaman proxy as a separate process, which is the whole point of credential isolation.
|
|
68
|
+
- **`tools_reachable_permissive_policy`** — advisory that plugin tools are reachable under the default tool policy. This is about your OpenClaw tool profile setting, not about aquaman. Set `"tools": { "profile": "coding" }` in `openclaw.json` if your agents handle untrusted input.
|
|
69
|
+
|
|
70
|
+
`aquaman setup` adds the plugin to your `plugins.allow` trust list automatically.
|
|
66
71
|
|
|
67
72
|
## Documentation
|
|
68
73
|
|
package/index.ts
CHANGED
|
@@ -266,10 +266,11 @@ function ensureAuthProfiles(log: OpenClawPluginApi["logger"]): void {
|
|
|
266
266
|
}
|
|
267
267
|
|
|
268
268
|
const dir = path.dirname(profilesPath);
|
|
269
|
-
fs.mkdirSync(dir, { recursive: true });
|
|
269
|
+
fs.mkdirSync(dir, { recursive: true, mode: 0o700 });
|
|
270
270
|
fs.writeFileSync(
|
|
271
271
|
profilesPath,
|
|
272
|
-
JSON.stringify({ version: 1, profiles, order }, null, 2)
|
|
272
|
+
JSON.stringify({ version: 1, profiles, order }, null, 2),
|
|
273
|
+
{ mode: 0o600 }
|
|
273
274
|
);
|
|
274
275
|
log.info(
|
|
275
276
|
`Generated auth-profiles.json with placeholder keys at ${profilesPath}`
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "aquaman-plugin",
|
|
3
|
-
"version": "0.7.
|
|
3
|
+
"version": "0.7.1",
|
|
4
4
|
"description": "Credential isolation plugin for OpenClaw",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"scripts": {
|
|
@@ -13,6 +13,7 @@
|
|
|
13
13
|
"keywords": [
|
|
14
14
|
"aquaman",
|
|
15
15
|
"openclaw",
|
|
16
|
+
"openclaw-plugin",
|
|
16
17
|
"plugin",
|
|
17
18
|
"security",
|
|
18
19
|
"credentials",
|
|
@@ -26,7 +27,7 @@
|
|
|
26
27
|
},
|
|
27
28
|
"peerDependencies": {
|
|
28
29
|
"openclaw": ">=2026.1.0",
|
|
29
|
-
"aquaman-proxy": "0.7.
|
|
30
|
+
"aquaman-proxy": "0.7.1"
|
|
30
31
|
},
|
|
31
32
|
"peerDependenciesMeta": {
|
|
32
33
|
"aquaman-proxy": {
|