openclaw-quiubo 2.6.25 → 2.6.27
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +17 -0
- package/dist/index.js +8 -4
- package/dist/index.js.map +2 -2
- package/dist/src/realtime-gateway.d.ts +2 -0
- package/dist/src/realtime-gateway.d.ts.map +1 -1
- package/openclaw.plugin.json +1 -1
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -323,6 +323,23 @@ src/
|
|
|
323
323
|
| OpenClaw | `sendOpenclawResponse()` |
|
|
324
324
|
| Webhooks | `configureWebhook()` |
|
|
325
325
|
|
|
326
|
+
## Known Security Scanner Warnings
|
|
327
|
+
|
|
328
|
+
When installing, OpenClaw's plugin scanner may flag two patterns. Both are false positives:
|
|
329
|
+
|
|
330
|
+
- **"Shell command execution detected (child_process)"** — From `pusher-js`'s bundled XMLHttpRequest polyfill. This sync code path is never executed by the plugin.
|
|
331
|
+
- **"Environment variable access combined with network send"** — The plugin reads `process.env.HOME` to locate `~/.openclaw/cron/` for persisting cursors and keys. No credentials flow through environment variables.
|
|
332
|
+
|
|
333
|
+
To suppress the auto-load warning, add the plugin to your allowlist in `~/.openclaw/openclaw.json`:
|
|
334
|
+
|
|
335
|
+
```json
|
|
336
|
+
{
|
|
337
|
+
"plugins": {
|
|
338
|
+
"allow": ["openclaw-quiubo"]
|
|
339
|
+
}
|
|
340
|
+
}
|
|
341
|
+
```
|
|
342
|
+
|
|
326
343
|
## License
|
|
327
344
|
|
|
328
345
|
MIT
|
package/dist/index.js
CHANGED
|
@@ -12882,7 +12882,8 @@ var RealtimeGateway = class {
|
|
|
12882
12882
|
senderIdentityId: data.senderId,
|
|
12883
12883
|
senderUsername: data.senderUsername,
|
|
12884
12884
|
plaintext: data.plaintext,
|
|
12885
|
-
createdAt: data.createdAt
|
|
12885
|
+
createdAt: data.createdAt,
|
|
12886
|
+
...data.attachments?.length ? { attachments: data.attachments } : {}
|
|
12886
12887
|
})).catch((err) => {
|
|
12887
12888
|
log.error?.(`Failed to route Pusher message ${data.messageId}: ${err}`);
|
|
12888
12889
|
});
|
|
@@ -12912,7 +12913,8 @@ var RealtimeGateway = class {
|
|
|
12912
12913
|
senderIdentityId: data.senderId,
|
|
12913
12914
|
senderUsername: data.senderUsername,
|
|
12914
12915
|
plaintext,
|
|
12915
|
-
createdAt: data.createdAt
|
|
12916
|
+
createdAt: data.createdAt,
|
|
12917
|
+
...data.attachments?.length ? { attachments: data.attachments } : {}
|
|
12916
12918
|
}));
|
|
12917
12919
|
} catch (decErr) {
|
|
12918
12920
|
log.error?.(`[e2ee:pusher] Decryption failed for message ${data.messageId} in group ${data.groupId}: ${decErr}`);
|
|
@@ -12968,7 +12970,8 @@ var RealtimeGateway = class {
|
|
|
12968
12970
|
groupId,
|
|
12969
12971
|
senderIdentityId: msg.senderIdentityId,
|
|
12970
12972
|
plaintext: msg.plaintext,
|
|
12971
|
-
createdAt: msg.createdAt
|
|
12973
|
+
createdAt: msg.createdAt,
|
|
12974
|
+
...msg.attachments?.length ? { attachments: msg.attachments } : {}
|
|
12972
12975
|
});
|
|
12973
12976
|
} catch (error) {
|
|
12974
12977
|
this.log.error?.(`Failed to fetch message ${messageId}:`, error);
|
|
@@ -13156,7 +13159,8 @@ var RealtimeGateway = class {
|
|
|
13156
13159
|
groupId,
|
|
13157
13160
|
senderIdentityId: msg.senderIdentityId,
|
|
13158
13161
|
plaintext,
|
|
13159
|
-
createdAt: msg.createdAt
|
|
13162
|
+
createdAt: msg.createdAt,
|
|
13163
|
+
...msg.attachments?.length ? { attachments: msg.attachments } : {}
|
|
13160
13164
|
});
|
|
13161
13165
|
} catch (error) {
|
|
13162
13166
|
this.log.error?.(`Failed to handle message ${msg.id}:`, error);
|