openclawsec 1.0.0

package/src/checks/secretsCheck.js

@@ -0,0 +1,192 @@
+const fs = require('fs');
+const path = require('path');
+const out = require('../utils/output');
+
+const API_KEY_PATTERNS = [
+  { pattern: /sk-[a-zA-Z0-9]{20,}/, name: 'OpenAI API Key', severity: 'critical' },
+  { pattern: /sk-ant-[a-zA-Z0-9]{20,}/, name: 'Anthropic API Key', severity: 'critical' },
+  { pattern: /AIza[a-zA-Z0-9_-]{35}/, name: 'Google API Key', severity: 'critical' },
+  { pattern: /xAI-[a-zA-Z0-9]{20,}/, name: 'xAI API Key', severity: 'critical' },
+  { pattern: /sk_proj_[a-zA-Z0-9]{20,}/, name: 'OpenAI Project Key', severity: 'critical' },
+  { pattern: /gsk_[a-zA-Z0-9]{20,}/, name: 'Groq API Key', severity: 'critical' },
+  { pattern: /eyJ[a-zA-Z0-9_-]*\.eyJ[a-zA-Z0-9_-]*/, name: 'JWT Token', severity: 'high' },
+  { pattern: /-----BEGIN.*PRIVATE KEY-----/, name: 'Private Key', severity: 'critical' },
+  { pattern: /github_pat_[a-zA-Z0-9_]{22,}/, name: 'GitHub Personal Access Token', severity: 'critical' }
+];
+
+const SENSITIVE_FILE_PATTERNS = [
+  '.env',
+  '.env.local',
+  '.env.production',
+  'openclaw.json',
+  'credentials.json',
+  'tokens.json',
+  'secrets.json',
+  'config.json'
+];
+
+function getWorkspacePath() {
+  const home = process.env.USERPROFILE || process.env.HOME || process.env.HOMEPATH;
+  return path.join(home, '.openclaw', 'workspace');
+}
+
+function scanFileForSecrets(filePath) {
+  const findings = [];
+  
+  try {
+    const content = fs.readFileSync(filePath, 'utf8');
+    
+    for (const { pattern, name, severity } of API_KEY_PATTERNS) {
+      const matches = content.match(new RegExp(pattern, 'gi'));
+      if (matches) {
+        for (const match of matches) {
+          findings.push({
+            type: name,
+            severity,
+            preview: match.substring(0, 8) + '...' + match.substring(match.length - 4),
+            line: content.split('\n').findIndex(line => line.includes(match)) + 1
+          });
+        }
+      }
+    }
+    
+    if (content.includes('OPENAI_API_KEY') || content.includes('ANTHROPIC_API_KEY')) {
+      if (!API_KEY_PATTERNS[0].pattern.test(content)) {
+        findings.push({
+          type: 'API Key Reference',
+          severity: 'warning',
+          preview: 'API key variable name detected',
+          line: 0
+        });
+      }
+    }
+    
+  } catch (error) {
+    return [];
+  }
+  
+  return findings;
+}
+
+function getFilesRecursive(dir, files = []) {
+  try {
+    const entries = fs.readdirSync(dir, { withFileTypes: true });
+    
+    for (const entry of entries) {
+      const fullPath = path.join(dir, entry.name);
+      
+      if (entry.isDirectory()) {
+        const skipDirs = ['node_modules', '.git', '__pycache__', 'dist', 'build'];
+        if (!skipDirs.includes(entry.name)) {
+          getFilesRecursive(fullPath, files);
+        }
+      } else {
+        files.push(fullPath);
+      }
+    }
+  } catch (error) {}
+  
+  return files;
+}
+
+function check() {
+  out.heading('Secrets & API Keys Check');
+  
+  const workspacePath = getWorkspacePath();
+  out.keyValue('Scanning Path', workspacePath);
+  out.text('');
+  
+  if (!fs.existsSync(workspacePath)) {
+    out.warning('Workspace directory not found');
+    return { findings: [], filesScanned: 0 };
+  }
+  
+  const files = getFilesRecursive(workspacePath);
+  out.text(`Scanning ${files.length} files...`);
+  out.text('');
+  
+  const allFindings = [];
+  const sensitiveFilesFound = [];
+  
+  for (const file of files) {
+    const fileName = path.basename(file);
+    
+    const isSensitive = SENSITIVE_FILE_PATTERNS.some(pattern => 
+      fileName.includes(pattern) || file.includes(pattern)
+    );
+    
+    if (isSensitive) {
+      sensitiveFilesFound.push(file);
+    }
+    
+    const fileFindings = scanFileForSecrets(file);
+    
+    if (fileFindings.length > 0) {
+      for (const finding of fileFindings) {
+        allFindings.push({
+          ...finding,
+          file: file,
+          fileName: fileName
+        });
+      }
+    }
+  }
+  
+  if (allFindings.length === 0) {
+    out.passed('No exposed API keys or secrets found');
+    out.text('');
+    out.info('Checked ' + files.length + ' files for sensitive data');
+  } else {
+    out.critical(`FOUND ${allFindings.length} POTENTIAL SECRET(S)!`);
+    out.text('');
+    
+    const criticalFindings = allFindings.filter(f => f.severity === 'critical');
+    const highFindings = allFindings.filter(f => f.severity === 'high');
+    const warningFindings = allFindings.filter(f => f.severity === 'warning');
+    
+    if (criticalFindings.length > 0) {
+      out.text(`${out.COLORS.error('Critical:')} ${criticalFindings.length}`);
+    }
+    if (highFindings.length > 0) {
+      out.text(`${out.COLORS.warning('High:')} ${highFindings.length}`);
+    }
+    if (warningFindings.length > 0) {
+      out.text(`${out.COLORS.warning('Warning:')} ${warningFindings.length}`);
+    }
+    
+    out.text('');
+    
+    for (const finding of allFindings.slice(0, 10)) {
+      console.log(`  ${out.COLORS.error('●')} ${out.COLORS.highlight(finding.fileName)}`);
+      console.log(`    ${finding.type}: ${finding.preview}`);
+      if (finding.line > 0) {
+        console.log(`    ${out.COLORS.dim('Line: ' + finding.line)}`);
+      }
+    }
+    
+    if (allFindings.length > 10) {
+      console.log(`  ${out.COLORS.dim(`... and ${allFindings.length - 10} more`)}`);
+    }
+  }
+  
+  if (sensitiveFilesFound.length > 0) {
+    out.text('');
+    out.warning('Sensitive configuration files found:');
+    for (const file of sensitiveFilesFound.slice(0, 5)) {
+      out.text(`  - ${path.basename(file)}`);
+    }
+    if (sensitiveFilesFound.length > 5) {
+      out.text(`  ${out.COLORS.dim(`... and ${sensitiveFilesFound.length - 5} more`)}`);
+    }
+    out.text('');
+    out.text('Recommendation: Do not commit these files to git!');
+  }
+  
+  return {
+    findings: allFindings,
+    filesScanned: files.length,
+    sensitiveFiles: sensitiveFilesFound.length
+  };
+}
+
+module.exports = { check, scanFileForSecrets, API_KEY_PATTERNS };

package/src/checks/skillAudit.js

@@ -0,0 +1,204 @@
+const fs = require('fs');
+const path = require('path');
+const out = require('../utils/output');
+
+const MALICIOUS_PATTERNS = [
+  { pattern: /91\.92\.242\.30/, name: 'ClawHavoc C2 server IP', severity: 'critical' },
+  { pattern: /bore\.pub/, name: 'Tunnel service (potential exfil)', severity: 'critical' },
+  { pattern: /localhost\.run/, name: 'Tunnel service (potential exfil)', severity: 'critical' },
+  { pattern: /curl.*\|.*bash/i, name: 'Pipe to bash (curl | bash)', severity: 'critical' },
+  { pattern: /wget.*\|.*bash/i, name: 'Pipe to bash (wget | bash)', severity: 'critical' },
+  { pattern: /base64.*-d.*curl/i, name: 'Base64 decode + curl (stealth download)', severity: 'critical' },
+  { pattern: /eval.*\$/, name: 'Dynamic eval with variable', severity: 'critical' },
+  { pattern: /exec.*\$/, name: 'Dynamic exec with variable', severity: 'critical' },
+  { pattern: /\.openclaw.*credentials/i, name: 'Credential file access pattern', severity: 'warning' },
+  { pattern: /token.*exfil/i, name: 'Token exfiltration pattern', severity: 'critical' },
+  { pattern: /keychain/i, name: 'Keychain access (macOS credential theft)', severity: 'critical' },
+  { pattern: /\$HOME\/\.ssh/, name: 'SSH key access', severity: 'critical' },
+  { pattern: /\.env.*cat/i, name: 'Environment file reading', severity: 'warning' },
+  { pattern: /AMOS|Atomic.*macOS.*Stealer/i, name: 'AMOS stealer reference', severity: 'critical' },
+  { pattern: /openclaw.*windriver/i, name: 'Fake Windows installer reference', severity: 'critical' }
+];
+
+const SUSPICIOUS_DOMAINS = [
+  '91.92.242.30',
+  'bore.pub',
+  'localhost.run',
+  'npx.run',
+  'curl.se',
+  'bit.ly'
+];
+
+const TRUSTED_SKILL_AUTHORS = [
+  'openclaw',
+  'clawdbot',
+  'steipete',
+  'official'
+];
+
+function getWorkspacePath() {
+  const home = process.env.USERPROFILE || process.env.HOME || process.env.HOMEPATH;
+  return path.join(home, '.openclaw', 'workspace', 'skills');
+}
+
+function getInstalledSkills(workspacePath) {
+  const skills = [];
+  
+  try {
+    if (!fs.existsSync(workspacePath)) {
+      out.warning(`Skills directory not found: ${workspacePath}`);
+      return skills;
+    }
+    
+    const entries = fs.readdirSync(workspacePath, { withFileTypes: true });
+    
+    for (const entry of entries) {
+      if (entry.isDirectory()) {
+        const skillPath = path.join(workspacePath, entry.name);
+        const skillMdPath = path.join(skillPath, 'SKILL.md');
+        
+        if (fs.existsSync(skillMdPath)) {
+          const content = fs.readFileSync(skillMdPath, 'utf8');
+          skills.push({
+            name: entry.name,
+            path: skillPath,
+            content: content,
+            size: fs.statSync(skillMdPath).size
+          });
+        }
+        
+        const metaPath = path.join(skillPath, 'skill.json');
+        if (fs.existsSync(metaPath)) {
+          try {
+            const meta = JSON.parse(fs.readFileSync(metaPath, 'utf8'));
+            skills[skills.length - 1].meta = meta;
+          } catch (e) {}
+        }
+      }
+    }
+  } catch (error) {
+    out.error(`Error reading skills: ${error.message}`);
+  }
+  
+  return skills;
+}
+
+function analyzeSkill(skill) {
+  const findings = [];
+  const content = skill.content;
+  
+  for (const { pattern, name, severity } of MALICIOUS_PATTERNS) {
+    if (pattern.test(content)) {
+      findings.push({ pattern: name, severity, matched: content.match(pattern)?.[0] });
+    }
+  }
+  
+  const urlPattern = /https?:\/\/[^\s]+/gi;
+  const urls = content.match(urlPattern) || [];
+  const externalUrls = urls.filter(url => !url.includes('github.com') && !url.includes('npmjs.com') && !url.includes('clawhub.ai'));
+  
+  for (const url of externalUrls) {
+    const isSuspicious = SUSPICIOUS_DOMAINS.some(domain => url.includes(domain));
+    if (isSuspicious) {
+      findings.push({ pattern: `External URL to suspicious domain`, severity: 'critical', matched: url });
+    } else {
+      findings.push({ pattern: `External URL`, severity: 'info', matched: url });
+    }
+  }
+  
+  const base64Pattern = /[A-Za-z0-9+\/]{50,}={0,2}/;
+  if (base64Pattern.test(content)) {
+    const matches = content.match(base64Pattern);
+    if (matches && matches.length > 3) {
+      findings.push({ pattern: 'Multiple base64 encoded strings', severity: 'warning', matched: `${matches.length} found` });
+    }
+  }
+  
+  const shellPattern = /\$(exec|run|command|bash|sh)/i;
+  if (shellPattern.test(content)) {
+    findings.push({ pattern: 'Shell command execution', severity: 'warning', matched: 'Shell execution detected' });
+  }
+  
+  return {
+    name: skill.name,
+    path: skill.path,
+    findings,
+    hasIssues: findings.some(f => f.severity === 'critical'),
+    hasWarnings: findings.some(f => f.severity === 'warning'),
+    externalUrls: externalUrls.length
+  };
+}
+
+function check() {
+  out.heading('Skill Audit');
+  
+  const workspacePath = getWorkspacePath();
+  out.keyValue('Skills Path', workspacePath);
+  out.text('');
+  
+  const skills = getInstalledSkills(workspacePath);
+  
+  if (skills.length === 0) {
+    out.info('No skills found in workspace');
+    out.text('Install skills with: clawhub install <skill-name>');
+    return { skills: [], criticalCount: 0, warningCount: 0 };
+  }
+  
+  out.keyValue('Installed Skills', skills.length.toString());
+  out.text('');
+  
+  const results = skills.map(skill => analyzeSkill(skill));
+  
+  let criticalCount = 0;
+  let warningCount = 0;
+  let safeCount = 0;
+  
+  for (const result of results) {
+    if (result.hasIssues) {
+      criticalCount++;
+      console.log(out.COLORS.critical(`\n🔴 ${result.name} — ISSUES DETECTED`));
+      console.log(out.COLORS.dim(`   Path: ${result.path}`));
+      
+      for (const finding of result.findings) {
+        if (finding.severity === 'critical') {
+          console.log(`   ${out.COLORS.error('●')} ${finding.pattern}`);
+          if (finding.matched) {
+            console.log(`     ${out.COLORS.dim(finding.matched.substring(0, 80))}`);
+          }
+        }
+      }
+    } else if (result.hasWarnings) {
+      warningCount++;
+      console.log(out.COLORS.warning(`\n🟡 ${result.name} — WARNINGS`));
+      
+      for (const finding of result.findings) {
+        if (finding.severity === 'warning') {
+          console.log(`   ${out.COLORS.warning('⚠')} ${finding.pattern}`);
+        }
+      }
+    } else {
+      safeCount++;
+      console.log(`${out.COLORS.passed('🟢')} ${result.name}`);
+    }
+  }
+  
+  out.text('');
+  out.divider();
+  out.text(`Summary: ${out.COLORS.passed(safeCount)} safe | ${out.COLORS.warning(warningCount)} warnings | ${out.COLORS.critical(criticalCount)} critical`);
+  
+  if (criticalCount > 0) {
+    out.text('');
+    out.critical('URGENT: Remove malicious skills immediately!');
+    out.text('Run: clawhub uninstall <skill-name> to remove');
+  }
+  
+  return {
+    skills: results,
+    criticalCount,
+    warningCount,
+    safeCount,
+    total: skills.length
+  };
+}
+
+module.exports = { check, getInstalledSkills, analyzeSkill, MALICIOUS_PATTERNS };

package/src/checks/version.js

@@ -0,0 +1,114 @@
+const fetch = require('node-fetch');
+const { execSync } = require('child_process');
+const out = require('../utils/output');
+
+const OPENCLAW_REPO = 'openclaw/openclaw';
+
+async function getLatestVersion() {
+  try {
+    const response = await fetch(`https://api.github.com/repos/${OPENCLAW_REPO}/releases/latest`, {
+      headers: { 'User-Agent': 'ClawShield' }
+    });
+    
+    if (!response.ok) {
+      return null;
+    }
+    
+    const data = await response.json();
+    const tagName = data.tag_name;
+    
+    const versionMatch = tagName.match(/v?(\d+\.\d+\.\d+)/);
+    if (versionMatch) {
+      return versionMatch[1];
+    }
+    
+    return tagName.replace('v', '');
+  } catch (error) {
+    out.error(`Failed to fetch latest version: ${error.message}`);
+    return null;
+  }
+}
+
+function getInstalledVersion() {
+  const commands = [
+    ['openclaw --version', null],
+    ['npx openclaw --version', null],
+    ['which openclaw && openclaw --version', null],
+    ['wsl -d Ubuntu-22.04 -- bash -c "openclaw --version"', null],
+    
+  ];
+  
+  for (const [cmd, shell] of commands) {
+    try {
+      const output = execSync(cmd, { 
+        encoding: 'utf8', 
+        timeout: 10000,
+        stdio: ['pipe', 'pipe', 'pipe']
+      });
+      
+      if (output && output.trim()) {
+        const match = output.match(/v?(\d+\.\d+\.\d+)/);
+        if (match) {
+          return match[1];
+        }
+        
+        const yearMonthDay = output.match(/(\d{4})\.(\d+)\.(\d+)/);
+        if (yearMonthDay) {
+          return `${yearMonthDay[1]}.${yearMonthDay[2]}.${yearMonthDay[3]}`;
+        }
+      }
+    } catch (e) {}
+  }
+  
+  return null;
+}
+
+function compareVersions(installed, latest) {
+  if (!installed || !latest) return 0;
+  
+  const iParts = installed.split('.').map(Number);
+  const lParts = latest.split('.').map(Number);
+  
+  for (let i = 0; i < 3; i++) {
+    if ((iParts[i] || 0) < (lParts[i] || 0)) return -1;
+    if ((iParts[i] || 0) > (lParts[i] || 0)) return 1;
+  }
+  return 0;
+}
+
+async function check() {
+  out.heading('OpenClaw Version Check');
+  
+  const installed = getInstalledVersion();
+  const latest = await getLatestVersion();
+  
+  if (!installed) {
+    out.warning('OpenClaw not found or version could not be determined');
+    out.text('Make sure OpenClaw is installed and accessible via the openclaw command');
+    return { status: 'unknown', installed, latest, outdated: false };
+  }
+  
+  out.keyValue('Installed Version', installed);
+  out.keyValue('Latest Version', latest || 'Unknown');
+  
+  if (!latest) {
+    out.warning('Could not determine latest version from GitHub');
+    return { status: 'unknown', installed, latest: 'unknown', outdated: false };
+  }
+  
+  const comparison = compareVersions(installed, latest);
+  
+  if (comparison < 0) {
+    out.critical(`OpenClaw is OUTDATED! You are ${installed} but latest is ${latest}`);
+    out.text('Run: openclaw upgrade or npm update -g openclaw');
+    return { status: 'critical', installed, latest, outdated: true };
+  } else if (comparison === 0) {
+    out.passed('OpenClaw is up to date!');
+    return { status: 'passed', installed, latest, outdated: false };
+  } else {
+    out.warning(`Installed version (${installed}) is newer than latest known (${latest})`);
+    return { status: 'warning', installed, latest, outdated: false };
+  }
+}
+
+module.exports = { check, getInstalledVersion, getLatestVersion };

package/src/commands/audit.js

@@ -0,0 +1,59 @@
+const out = require('../utils/output');
+const skillAudit = require('../checks/skillAudit');
+const secretsCheck = require('../checks/secretsCheck');
+
+function audit() {
+  out.banner();
+  
+  console.log(out.COLORS.title('║           SKILL & SECRETS AUDIT                 ║'));
+  console.log(out.COLORS.title('╚══════════════════════════════════════════════════╝'));
+  console.log('');
+  
+  console.log('This command audits installed skills and checks for exposed secrets.\n');
+  
+  const skillResults = skillAudit.check();
+  
+  console.log('');
+  out.divider();
+  
+  const secretsResults = secretsCheck.check();
+  
+  console.log('');
+  out.divider();
+  
+  console.log('');
+  console.log(out.COLORS.title('╔══════════════════════════════════════════════════╗'));
+  console.log(out.COLORS.title('║                 AUDIT SUMMARY                     ║'));
+  console.log(out.COLORS.title('╠══════════════════════════════════════════════════╣'));
+  
+  const totalIssues = skillResults.criticalCount + skillResults.warningCount + secretsResults.findings.length;
+  
+  console.log(out.COLORS.title('║') + `  Skills Audited:   ${out.COLORS.info((skillResults.total || 0).toString())}${' '.repeat(27)}` + out.COLORS.title('║'));
+  console.log(out.COLORS.title('║') + `  Critical Issues:  ${skillResults.criticalCount ? out.COLORS.error(skillResults.criticalCount.toString()) : out.COLORS.passed('0')}${' '.repeat(27)}` + out.COLORS.title('║'));
+  console.log(out.COLORS.title('║') + `  Warnings:         ${out.COLORS.warning(skillResults.warningCount.toString())}${' '.repeat(28)}` + out.COLORS.title('║'));
+  console.log(out.COLORS.title('║') + `  Secrets Found:    ${secretsResults.findings.length ? out.COLORS.error(secretsResults.findings.length.toString()) : out.COLORS.passed('0')}${' '.repeat(27)}` + out.COLORS.title('║'));
+  console.log(out.COLORS.title('║') + `  Files Scanned:    ${out.COLORS.info(secretsResults.filesScanned.toString())}${' '.repeat(28)}` + out.COLORS.title('║'));
+  console.log(out.COLORS.title('╚══════════════════════════════════════════════════╝'));
+  
+  console.log('');
+  
+  if (totalIssues === 0) {
+    console.log(out.COLORS.success('✅ No issues found!'));
+  } else {
+    console.log(out.COLORS.warning(`Found ${totalIssues} issue(s). Review above for details.`));
+  }
+  
+  console.log('');
+  console.log('Recommendations:');
+  if (skillResults.criticalCount > 0) {
+    console.log('  • Remove malicious skills immediately');
+    console.log('  • Run: clawhub uninstall <skill-name>');
+  }
+  if (secretsResults.findings.length > 0) {
+    console.log('  • Revoke and regenerate exposed API keys');
+    console.log('  • Use environment variables instead of config files');
+  }
+  console.log('');
+}
+
+module.exports = { audit };

package/src/commands/doctor.js

@@ -0,0 +1,85 @@
+const out = require('../utils/output');
+const ora = require('ora');
+const version = require('../checks/version');
+const cve = require('../checks/cve');
+const configHarden = require('../checks/configHarden');
+
+async function doctor() {
+  console.log('');
+  console.log(out.COLORS.title('╔══════════════════════════════════════════════════╗'));
+  console.log(out.COLORS.title('║            CLAWSHIELD QUICK DIAGNOSTIC           ║'));
+  console.log(out.COLORS.title('╚══════════════════════════════════════════════════╝'));
+  console.log('');
+  
+  const spinner = ora({ spinner: 'dots' }).start();
+  let allPassed = true;
+  
+  try {
+    spinner.text = 'Checking OpenClaw installation...';
+    const versionResult = await version.check();
+    out.divider();
+    
+    spinner.text = 'Checking for critical CVEs...';
+    const cveResult = await cve.check(versionResult.installed);
+    out.divider();
+    
+    spinner.text = 'Checking basic security settings...';
+    const configPath = configHarden.getOpenClawConfigPath();
+    const config = configHarden.getConfigFromFile(configPath);
+    const configResult = configHarden.checkGatewayExposure(config);
+    out.divider();
+    
+    spinner.succeed('Diagnostic complete!');
+    
+    console.log('');
+    console.log(out.COLORS.title('╔══════════════════════════════════════════════════╗'));
+    console.log(out.COLORS.title('║               QUICK SUMMARY                       ║'));
+    console.log(out.COLORS.title('╚══════════════════════════════════════════════════╝'));
+    console.log('');
+    
+    const statusItems = [
+      ['Version', versionResult.installed || 'Unknown', versionResult.outdated ? 'fail' : 'pass'],
+      ['CVEs', versionResult.outdated ? `${cveResult.count} vulnerabilities` : 'None', cveResult.vulnerable ? 'fail' : 'pass'],
+      ['Gateway', configResult.exposed ? 'EXPOSED' : 'Protected', configResult.exposed ? 'fail' : 'pass'],
+      ['Token', config?.gateway?.token ? 'Configured' : 'Missing', config?.gateway?.token ? 'pass' : 'fail']
+    ];
+    
+    out.generateTable(statusItems);
+    
+    console.log('');
+    
+    if (versionResult.outdated) {
+      out.warning('⚠ OpenClaw needs to be updated');
+      console.log('  Run: openclaw upgrade');
+      allPassed = false;
+    }
+    
+    if (cveResult.vulnerable) {
+      out.critical('🚨 Critical vulnerabilities detected!');
+      allPassed = false;
+    }
+    
+    if (configResult.exposed) {
+      out.critical('🔴 Gateway is exposed to the network!');
+      allPassed = false;
+    }
+    
+    if (allPassed) {
+      console.log(out.COLORS.success('✅ All checks passed!'));
+      console.log('');
+      console.log('Run a full scan with: clawshield scan');
+    } else {
+      console.log(out.COLORS.warning('⚠ Some issues detected.'));
+      console.log('');
+      console.log('Run a full scan for detailed analysis: clawshield scan');
+    }
+    
+  } catch (error) {
+    spinner.fail('Diagnostic failed: ' + error.message);
+    out.error('An error occurred. Make sure OpenClaw is installed.');
+  }
+  
+  console.log('');
+}
+
+module.exports = { doctor };