aquaman-plugin 0.7.0 → 0.8.0

package/README.md

@@ -42,7 +42,7 @@ openclaw                                  # proxy starts automatically
 > `aquaman setup` auto-detects your credential backend. macOS defaults to Keychain,
 > Linux defaults to encrypted file. Override with `--backend`:
 > `aquaman setup --backend keepassxc`
-> Options: `keychain`, `encrypted-file`, `keepassxc`, `1password`, `vault`
+> Options: `keychain`, `encrypted-file`, `keepassxc`, `1password`, `vault`, `systemd-creds`
 
 Existing plaintext credentials are migrated automatically during setup.
 Run again anytime to migrate new credentials: `aquaman migrate openclaw --auto`
@@ -55,14 +55,19 @@ Troubleshooting: `aquaman doctor`
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| `backend` | `"keychain"` \| `"1password"` \| `"vault"` \| `"encrypted-file"` \| `"keepassxc"` | `"keychain"` | Credential store |
+| `backend` | `"keychain"` \| `"1password"` \| `"vault"` \| `"encrypted-file"` \| `"keepassxc"` \| `"systemd-creds"` | `"keychain"` | Credential store |
 | `services` | `string[]` | `["anthropic", "openai"]` | Services to proxy |
 
 > Advanced settings (audit, vault) go in `~/.aquaman/config.yaml`.
 
 ## Security Audit Note
 
-Running `openclaw security audit --deep` will show a `dangerous-exec` finding for this plugin. That's expected — the plugin spawns the aquaman proxy as a separate process, which is the whole point of credential isolation. `aquaman setup` adds the plugin to your `plugins.allow` trust list automatically.
+Running `openclaw security audit --deep` will show two expected findings:
+
+- **`dangerous-exec`** on `proxy-manager.ts` — the plugin spawns the aquaman proxy as a separate process, which is the whole point of credential isolation.
+- **`tools_reachable_permissive_policy`** — advisory that plugin tools are reachable under the default tool policy. This is about your OpenClaw tool profile setting, not about aquaman. Set `"tools": { "profile": "coding" }` in `openclaw.json` if your agents handle untrusted input.
+
+`aquaman setup` adds the plugin to your `plugins.allow` trust list automatically.
 
 ## Documentation
 

package/index.ts

@@ -266,10 +266,11 @@ function ensureAuthProfiles(log: OpenClawPluginApi["logger"]): void {
   }
 
   const dir = path.dirname(profilesPath);
-  fs.mkdirSync(dir, { recursive: true });
+  fs.mkdirSync(dir, { recursive: true, mode: 0o700 });
   fs.writeFileSync(
     profilesPath,
-    JSON.stringify({ version: 1, profiles, order }, null, 2)
+    JSON.stringify({ version: 1, profiles, order }, null, 2),
+    { mode: 0o600 }
   );
   log.info(
     `Generated auth-profiles.json with placeholder keys at ${profilesPath}`

package/openclaw.plugin.json

@@ -14,7 +14,7 @@
     "properties": {
       "backend": {
         "type": "string",
-        "enum": ["keychain", "1password", "vault", "encrypted-file", "keepassxc"],
+        "enum": ["keychain", "1password", "vault", "encrypted-file", "keepassxc", "systemd-creds"],
         "default": "keychain",
         "description": "Credential storage backend"
       },

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "aquaman-plugin",
-  "version": "0.7.0",
+  "version": "0.8.0",
   "description": "Credential isolation plugin for OpenClaw",
   "type": "module",
   "scripts": {
@@ -13,6 +13,7 @@
   "keywords": [
     "aquaman",
     "openclaw",
+    "openclaw-plugin",
     "plugin",
     "security",
     "credentials",
@@ -26,7 +27,7 @@
   },
   "peerDependencies": {
     "openclaw": ">=2026.1.0",
-    "aquaman-proxy": "0.7.0"
+    "aquaman-proxy": "0.8.0"
   },
   "peerDependenciesMeta": {
     "aquaman-proxy": {