shellward 0.3.2

package/install.sh

@@ -0,0 +1,201 @@
+#!/bin/bash
+# ShellWard One-Click Installer / 一键安装脚本
+# Usage: curl -fsSL https://raw.githubusercontent.com/jnMetaCode/shellward/main/install.sh | bash
+
+set -e
+
+# Colors
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+CYAN='\033[0;36m'
+NC='\033[0m'
+
+# Detect language
+is_zh() {
+  local lang="${LANG:-}${LANGUAGE:-}${LC_ALL:-}"
+  [[ "$lang" == *zh* ]]
+}
+
+if is_zh; then
+  MSG_BANNER="🛡️  ShellWard 安全插件 一键安装"
+  MSG_CHECKING="正在检查环境..."
+  MSG_NODE_MISSING="❌ 未找到 Node.js (需要 v18+)。请先安装: https://nodejs.org"
+  MSG_NODE_OLD="❌ Node.js 版本过低 (当前: %s, 需要: v18+)。请升级: https://nodejs.org"
+  MSG_NODE_OK="✅ Node.js %s"
+  MSG_OC_MISSING="❌ 未找到 OpenClaw。请先安装: npm install -g openclaw"
+  MSG_OC_OK="✅ OpenClaw %s"
+  MSG_INSTALLING="正在安装 ShellWard..."
+  MSG_ALREADY="⚠️  ShellWard 已安装，正在更新..."
+  MSG_CLONE="正在下载 ShellWard..."
+  MSG_NPM="通过 npm 安装..."
+  MSG_REGISTER="正在注册插件..."
+  MSG_SUCCESS="🎉 安装成功！"
+  MSG_VERIFY="验证安装..."
+  MSG_USAGE="使用方法:"
+  MSG_CMD1="  openclaw agent --local -m \"你好\"   # 启动安全防护的 Agent"
+  MSG_CMD2="  /security                            # 查看安全状态"
+  MSG_CMD3="  /audit                               # 查看审计日志"
+  MSG_CMD4="  /harden                              # 安全扫描"
+  MSG_DOCS="文档: https://github.com/jnMetaCode/shellward"
+  MSG_MODE_TITLE="选择安装方式:"
+  MSG_MODE_1="  1) npm 安装 (推荐，自动更新)"
+  MSG_MODE_2="  2) 源码安装 (离线可用)"
+  MSG_MODE_PROMPT="请输入 [1/2] (默认 1): "
+  MSG_DONE="安装完成！ShellWard 将在下次启动 OpenClaw 时自动加载。"
+  MSG_CONFIG="配置文件 (可选):"
+else
+  MSG_BANNER="🛡️  ShellWard Security Plugin — One-Click Install"
+  MSG_CHECKING="Checking environment..."
+  MSG_NODE_MISSING="❌ Node.js not found (v18+ required). Install: https://nodejs.org"
+  MSG_NODE_OLD="❌ Node.js too old (current: %s, need: v18+). Upgrade: https://nodejs.org"
+  MSG_NODE_OK="✅ Node.js %s"
+  MSG_OC_MISSING="❌ OpenClaw not found. Install: npm install -g openclaw"
+  MSG_OC_OK="✅ OpenClaw %s"
+  MSG_INSTALLING="Installing ShellWard..."
+  MSG_ALREADY="⚠️  ShellWard already installed, updating..."
+  MSG_CLONE="Downloading ShellWard..."
+  MSG_NPM="Installing via npm..."
+  MSG_REGISTER="Registering plugin..."
+  MSG_SUCCESS="🎉 Installation successful!"
+  MSG_VERIFY="Verifying installation..."
+  MSG_USAGE="Usage:"
+  MSG_CMD1="  openclaw agent --local -m \"hello\"   # Start agent with security"
+  MSG_CMD2="  /security                            # View security status"
+  MSG_CMD3="  /audit                               # View audit log"
+  MSG_CMD4="  /harden                              # Security scan"
+  MSG_DOCS="Docs: https://github.com/jnMetaCode/shellward"
+  MSG_MODE_TITLE="Choose install method:"
+  MSG_MODE_1="  1) npm install (recommended, auto-update)"
+  MSG_MODE_2="  2) source install (works offline)"
+  MSG_MODE_PROMPT="Enter [1/2] (default 1): "
+  MSG_DONE="Done! ShellWard will auto-load next time OpenClaw starts."
+  MSG_CONFIG="Configuration (optional):"
+fi
+
+echo ""
+echo -e "${CYAN}══════════════════════════════════════════${NC}"
+echo -e "${CYAN}  $MSG_BANNER${NC}"
+echo -e "${CYAN}══════════════════════════════════════════${NC}"
+echo ""
+
+# --- Step 1: Check environment ---
+echo -e "${BLUE}$MSG_CHECKING${NC}"
+
+# Check Node.js
+if ! command -v node &>/dev/null; then
+  echo -e "${RED}$MSG_NODE_MISSING${NC}"
+  exit 1
+fi
+
+NODE_VER=$(node -v)
+NODE_MAJOR=$(echo "$NODE_VER" | sed 's/v//' | cut -d. -f1)
+if [ "$NODE_MAJOR" -lt 18 ]; then
+  printf "${RED}$MSG_NODE_OLD${NC}\n" "$NODE_VER"
+  exit 1
+fi
+printf "${GREEN}$MSG_NODE_OK${NC}\n" "$NODE_VER"
+
+# Check OpenClaw
+if ! command -v openclaw &>/dev/null; then
+  echo -e "${RED}$MSG_OC_MISSING${NC}"
+  exit 1
+fi
+
+OC_VER=$(openclaw --version 2>/dev/null | head -1 || echo "unknown")
+printf "${GREEN}$MSG_OC_OK${NC}\n" "$OC_VER"
+echo ""
+
+# --- Step 2: Choose install method ---
+INSTALL_METHOD="1"
+if [ -t 0 ]; then
+  echo -e "${YELLOW}$MSG_MODE_TITLE${NC}"
+  echo -e "$MSG_MODE_1"
+  echo -e "$MSG_MODE_2"
+  printf "$MSG_MODE_PROMPT"
+  read -r choice
+  if [ "$choice" = "2" ]; then
+    INSTALL_METHOD="2"
+  fi
+fi
+echo ""
+
+# --- Step 3: Install ---
+PLUGIN_DIR="${HOME}/.openclaw/plugins/shellward"
+
+if [ -d "$PLUGIN_DIR" ]; then
+  echo -e "${YELLOW}$MSG_ALREADY${NC}"
+  rm -rf "$PLUGIN_DIR"
+fi
+
+mkdir -p "${HOME}/.openclaw/plugins"
+
+clone_install() {
+  echo -e "${BLUE}$MSG_CLONE${NC}"
+  git clone --depth 1 https://github.com/jnMetaCode/shellward.git "$PLUGIN_DIR" 2>/dev/null
+  rm -rf "$PLUGIN_DIR/.git"
+}
+
+if [ "$INSTALL_METHOD" = "1" ]; then
+  echo -e "${BLUE}$MSG_NPM${NC}"
+  cd /tmp
+  rm -rf shellward-npm-install
+  mkdir shellward-npm-install && cd shellward-npm-install
+  if npm pack shellward 2>/dev/null; then
+    tar xzf shellward-*.tgz
+    mv package "$PLUGIN_DIR"
+    # Verify npm package has correct structure
+    if [ ! -f "$PLUGIN_DIR/src/index.ts" ]; then
+      echo -e "${YELLOW}npm package outdated, switching to git...${NC}"
+      rm -rf "$PLUGIN_DIR"
+      clone_install
+    fi
+  else
+    clone_install
+  fi
+  cd /tmp && rm -rf shellward-npm-install
+else
+  clone_install
+fi
+
+# Fix ownership
+if [ "$(id -u)" = "0" ]; then
+  chown -R root:root "$PLUGIN_DIR"
+fi
+
+echo ""
+
+# --- Step 4: Verify ---
+echo -e "${BLUE}$MSG_VERIFY${NC}"
+if [ -f "$PLUGIN_DIR/src/index.ts" ] && [ -f "$PLUGIN_DIR/openclaw.plugin.json" ]; then
+  echo -e "${GREEN}$MSG_SUCCESS${NC}"
+else
+  echo -e "${RED}Installation failed — files missing${NC}"
+  exit 1
+fi
+
+echo ""
+echo -e "${CYAN}══════════════════════════════════════════${NC}"
+echo -e "${GREEN}$MSG_DONE${NC}"
+echo ""
+echo -e "${YELLOW}$MSG_USAGE${NC}"
+echo -e "$MSG_CMD1"
+echo -e "$MSG_CMD2"
+echo -e "$MSG_CMD3"
+echo -e "$MSG_CMD4"
+echo ""
+echo -e "${YELLOW}$MSG_CONFIG${NC}"
+cat <<'CONF'
+  # ~/.openclaw/openclaw.json → plugins section:
+  {
+    "plugins": {
+      "entries": {
+        "shellward": { "enabled": true }
+      }
+    }
+  }
+CONF
+echo ""
+echo -e "${BLUE}$MSG_DOCS${NC}"
+echo ""

package/openclaw.plugin.json

@@ -0,0 +1,47 @@
+{
+  "id": "shellward",
+  "name": "ShellWard",
+  "description": "First bilingual (EN/ZH) security plugin for OpenClaw — injection detection, dangerous operation blocking, PII/secret redaction (incl. Chinese ID card, phone, bank card), audit logging",
+  "version": "0.3.2",
+  "skills": ["./skills"],
+  "configSchema": {
+    "type": "object",
+    "additionalProperties": false,
+    "properties": {
+      "mode": {
+        "type": "string",
+        "enum": ["enforce", "audit"],
+        "default": "enforce",
+        "description": "enforce = block + log, audit = log only"
+      },
+      "locale": {
+        "type": "string",
+        "enum": ["auto", "zh", "en"],
+        "default": "auto",
+        "description": "auto = detect from system language"
+      },
+      "layers": {
+        "type": "object",
+        "properties": {
+          "promptGuard":   { "type": "boolean", "default": true },
+          "outputScanner": { "type": "boolean", "default": true },
+          "toolBlocker":   { "type": "boolean", "default": true },
+          "inputAuditor":  { "type": "boolean", "default": true },
+          "securityGate":  { "type": "boolean", "default": true },
+          "outboundGuard": { "type": "boolean", "default": true },
+          "dataFlowGuard": { "type": "boolean", "default": true },
+          "sessionGuard":  { "type": "boolean", "default": true }
+        }
+      },
+      "injectionThreshold": {
+        "type": "number",
+        "default": 60,
+        "description": "Injection risk score threshold (0-100) to trigger block/alert"
+      }
+    }
+  },
+  "uiHints": {
+    "mode": { "label": "Security Mode", "help": "enforce blocks dangerous operations; audit only logs them" },
+    "locale": { "label": "Language", "help": "auto detects from system LANG; zh for Chinese; en for English" }
+  }
+}

package/package.json

@@ -0,0 +1,39 @@
+{
+  "name": "shellward",
+  "version": "0.3.2",
+  "description": "First bilingual (EN/ZH) security plugin for OpenClaw — injection detection, dangerous operation blocking, PII/secret redaction, audit logging",
+  "keywords": [
+    "openclaw",
+    "security",
+    "plugin",
+    "injection-detection",
+    "pii-redaction",
+    "chinese",
+    "bilingual"
+  ],
+  "author": "jnMetaCode",
+  "license": "Apache-2.0",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/jnMetaCode/clawguard"
+  },
+  "type": "module",
+  "main": "src/index.ts",
+  "openclaw": {
+    "extensions": [
+      "./src/index.ts"
+    ]
+  },
+  "files": [
+    "src/",
+    "skills/",
+    "openclaw.plugin.json",
+    "install.sh",
+    "install.ps1",
+    "LICENSE",
+    "README.md"
+  ],
+  "engines": {
+    "node": ">=18"
+  }
+}

package/skills/security-guide/SKILL.md

@@ -0,0 +1,68 @@
+---
+name: security-guide
+description: OpenClaw 安全部署指南 / Security deployment guide — help users secure their OpenClaw installation
+user-invocable: true
+disable-model-invocation: false
+---
+
+# ShellWard Security Deployment Guide / 安全部署指南
+
+When the user invokes this skill, provide a complete security deployment checklist based on the following best practices. Check the current system state using available tools and give actionable recommendations.
+
+## Security Checklist
+
+### 1. Network Control / 网络控制
+- Check if OpenClaw gateway port (19000/19001) is exposed to public network
+- Recommend binding to 127.0.0.1 or using a reverse proxy with authentication
+- Suggest firewall rules: `ufw allow from 127.0.0.1 to any port 19000`
+- For cloud servers: check security group rules
+
+### 2. Container Isolation / 容器隔离
+- Recommend running OpenClaw in Docker with restricted capabilities:
+  ```
+  docker run --cap-drop=ALL --cap-add=NET_BIND_SERVICE \
+    --read-only --tmpfs /tmp \
+    -u 1000:1000 \
+    openclaw
+  ```
+- Suggest resource limits: `--memory=2g --cpus=1`
+- Mount only necessary directories
+
+### 3. Credential Management / 凭证管理
+- Scan for plaintext secrets in .env, .bashrc, environment variables
+- Recommend using a secret manager (Vault, doppler, etc.)
+- Check file permissions on sensitive files (should be 0600)
+- Suggest `chmod 600 ~/.env ~/.ssh/* ~/.aws/credentials`
+
+### 4. Audit Logging / 审计日志
+- Verify ShellWard audit log is active at ~/.openclaw/shellward/audit.jsonl
+- Show recent security events
+- Recommend log rotation and backup strategy
+- Suggest sending critical events to external SIEM
+
+### 5. Plugin Security / 插件安全
+- List all installed plugins and check for known risks
+- Disable auto-update for plugins
+- Only install from trusted sources
+- Scan plugin code for suspicious patterns
+
+### 6. Patch Management / 补丁管理
+- Check current OpenClaw version
+- Report known vulnerabilities for current version
+- Recommend upgrade path
+- Check Node.js version (must be >= 22.12)
+
+## Available Commands
+Remind the user about ShellWard's quick commands:
+- `/security` — Full security status overview
+- `/audit [count] [filter]` — View audit log
+- `/harden` — Scan for issues, `/harden fix` to auto-fix
+- `/scan-plugins` — Scan plugins for security risks
+- `/check-updates` — Check versions and vulnerabilities
+
+## Response Style
+- Be concise and actionable
+- Use the user's language (detect from their message)
+- Prioritize critical issues first
+- For each issue, provide the exact command to fix it
+- Ask for confirmation before executing destructive operations

package/src/audit-log.ts

@@ -0,0 +1,57 @@
+// src/audit-log.ts — JSONL audit log, zero dependencies
+
+import { appendFileSync, chmodSync, mkdirSync, renameSync, statSync, writeFileSync } from 'fs'
+import { join } from 'path'
+import type { AuditEntry, ShellWardConfig } from './types'
+
+const LOG_DIR = join(process.env.HOME || '~', '.openclaw', 'shellward')
+const LOG_FILE = join(LOG_DIR, 'audit.jsonl')
+const MAX_SIZE_BYTES = 100 * 1024 * 1024 // 100 MB
+
+export class AuditLog {
+  private config: ShellWardConfig
+  private rotating = false
+
+  constructor(config: ShellWardConfig) {
+    this.config = config
+    try {
+      mkdirSync(LOG_DIR, { recursive: true, mode: 0o700 })
+      // Ensure log file exists with restricted permissions (owner-only)
+      try {
+        statSync(LOG_FILE)
+      } catch {
+        writeFileSync(LOG_FILE, '', { mode: 0o600 })
+      }
+    } catch { /* directory may already exist */ }
+  }
+
+  write(entry: Omit<AuditEntry, 'ts' | 'mode'>): void {
+    try {
+      const record: AuditEntry = {
+        ts: new Date().toISOString(),
+        mode: this.config.mode,
+        ...entry,
+      }
+      appendFileSync(LOG_FILE, JSON.stringify(record) + '\n', { mode: 0o600 })
+      this.rotateIfNeeded()
+    } catch (e: any) {
+      // Log failure must not break plugin, but warn via stderr
+      try { process.stderr.write(`[ShellWard] audit log write failed: ${e?.message}\n`) } catch {}
+    }
+  }
+
+  private rotateIfNeeded(): void {
+    if (this.rotating) return
+    try {
+      const stat = statSync(LOG_FILE)
+      if (stat.size > MAX_SIZE_BYTES) {
+        this.rotating = true
+        const ts = new Date().toISOString().replace(/[:.]/g, '-')
+        renameSync(LOG_FILE, `${LOG_FILE}.${ts}.bak`)
+        writeFileSync(LOG_FILE, '', { mode: 0o600 })
+      }
+    } catch { /* ignore */ } finally {
+      this.rotating = false
+    }
+  }
+}

package/src/commands/audit.ts

@@ -0,0 +1,79 @@
+// src/commands/audit.ts — /audit command: view recent audit log entries
+
+import { readFileSync, statSync } from 'fs'
+import { join } from 'path'
+import type { ShellWardConfig } from '../types'
+import { resolveLocale } from '../types'
+
+const LOG_FILE = join(process.env.HOME || '~', '.openclaw', 'shellward', 'audit.jsonl')
+
+export function registerAuditCommand(api: any, config: ShellWardConfig) {
+  const locale = resolveLocale(config)
+
+  api.registerCommand({
+    name: 'audit',
+    description: locale === 'zh'
+      ? '📋 查看 ShellWard 审计日志 (用法: /audit [数量] [block|redact|critical])'
+      : '📋 View ShellWard audit log (usage: /audit [count] [block|redact|critical])',
+    acceptsArgs: true,
+    handler: (ctx: any) => {
+      const zh = locale === 'zh'
+      const args = (ctx.args || '').trim().split(/\s+/).filter(Boolean)
+
+      // Parse args: count and optional filter
+      let count = 20
+      let filter = ''
+      for (const arg of args) {
+        if (/^\d+$/.test(arg)) {
+          count = Math.min(parseInt(arg), 100)
+        } else {
+          filter = arg.toLowerCase()
+        }
+      }
+
+      try {
+        statSync(LOG_FILE)
+      } catch {
+        return { text: zh ? '⚠️ 审计日志文件不存在，尚无安全事件记录。' : '⚠️ Audit log not found. No security events recorded yet.' }
+      }
+
+      const content = readFileSync(LOG_FILE, 'utf-8')
+      let lines = content.trim().split('\n').filter(Boolean)
+
+      // Apply filter
+      if (filter === 'block') {
+        lines = lines.filter(l => l.includes('"action":"block"'))
+      } else if (filter === 'redact') {
+        lines = lines.filter(l => l.includes('"action":"redact"'))
+      } else if (filter === 'critical') {
+        lines = lines.filter(l => l.includes('"level":"CRITICAL"'))
+      } else if (filter === 'high') {
+        lines = lines.filter(l => l.includes('"level":"HIGH"') || l.includes('"level":"CRITICAL"'))
+      }
+
+      // Get last N entries
+      const recent = lines.slice(-count)
+
+      if (recent.length === 0) {
+        return { text: zh ? '✅ 没有匹配的审计事件。' : '✅ No matching audit events.' }
+      }
+
+      const header = zh
+        ? `📋 **审计日志** (最近 ${recent.length} 条${filter ? `, 过滤: ${filter}` : ''})`
+        : `📋 **Audit Log** (last ${recent.length} entries${filter ? `, filter: ${filter}` : ''})`
+
+      const formatted = recent.map(line => {
+        try {
+          const e = JSON.parse(line)
+          const icon = e.action === 'block' ? '🚫' : e.action === 'redact' ? '🔒' : e.level === 'CRITICAL' ? '🔴' : 'ℹ️'
+          const time = e.ts?.slice(11, 19) || '??:??:??'
+          return `${icon} \`${time}\` **${e.layer}** ${e.action}: ${e.detail?.slice(0, 80) || ''}${e.pattern ? ` [${e.pattern}]` : ''}`
+        } catch {
+          return line.slice(0, 100)
+        }
+      })
+
+      return { text: `${header}\n\n${formatted.join('\n')}` }
+    },
+  })
+}

package/src/commands/check-updates.ts

@@ -0,0 +1,151 @@
+// src/commands/check-updates.ts — /check-updates: check OpenClaw version and known vulnerabilities
+
+import { execSync } from 'child_process'
+import { existsSync, readFileSync } from 'fs'
+import { join } from 'path'
+import type { ShellWardConfig } from '../types'
+import { resolveLocale } from '../types'
+
+// Known vulnerability database (hardcoded, updated with plugin releases)
+// Format: { version_range, severity, cve, description_zh, description_en }
+const KNOWN_VULNS = [
+  {
+    affectedBelow: '2026.3.6',
+    severity: 'HIGH',
+    id: 'CG-2026-001',
+    description_zh: 'tool_result_persist hook 可被绕过泄露敏感数据',
+    description_en: 'tool_result_persist hook bypass may leak sensitive data',
+  },
+  {
+    affectedBelow: '2026.3.4',
+    severity: 'CRITICAL',
+    id: 'CG-2026-002',
+    description_zh: '插件系统缺少签名验证，可加载恶意插件',
+    description_en: 'Plugin system lacks signature verification, allows malicious plugins',
+  },
+  {
+    affectedBelow: '2026.3.2',
+    severity: 'HIGH',
+    id: 'CG-2026-003',
+    description_zh: 'Gateway 默认绑定 0.0.0.0，未认证即可远程执行',
+    description_en: 'Gateway binds 0.0.0.0 by default, allows unauthenticated remote execution',
+  },
+]
+
+export function registerCheckUpdatesCommand(api: any, config: ShellWardConfig) {
+  const locale = resolveLocale(config)
+
+  api.registerCommand({
+    name: 'check-updates',
+    description: locale === 'zh'
+      ? '🔄 检查 OpenClaw 版本和已知漏洞'
+      : '🔄 Check OpenClaw version and known vulnerabilities',
+    acceptsArgs: false,
+    handler: () => {
+      const zh = locale === 'zh'
+      const lines: string[] = []
+
+      lines.push(zh ? '🔄 **版本与漏洞检查**' : '🔄 **Version & Vulnerability Check**')
+      lines.push('')
+
+      // 1. Get OpenClaw version
+      let currentVersion = 'unknown'
+      try {
+        const out = execSync('openclaw --version 2>&1', { timeout: 5000 }).toString().trim()
+        // Extract version like "2026.3.8"
+        const match = out.match(/(\d{4}\.\d+\.\d+)/)
+        if (match) currentVersion = match[1]
+      } catch { /* skip */ }
+
+      lines.push(zh
+        ? `### OpenClaw 版本: ${currentVersion}`
+        : `### OpenClaw Version: ${currentVersion}`)
+      lines.push('')
+
+      // 2. Check ShellWard version
+      let shellwardVersion = 'unknown'
+      try {
+        const pkgPath = join(__dirname, '../../package.json')
+        if (existsSync(pkgPath)) {
+          const pkg = JSON.parse(readFileSync(pkgPath, 'utf-8'))
+          shellwardVersion = pkg.version || 'unknown'
+        }
+      } catch { /* skip */ }
+
+      lines.push(zh
+        ? `### ShellWard 版本: ${shellwardVersion}`
+        : `### ShellWard Version: ${shellwardVersion}`)
+      lines.push('')
+
+      // 3. Check known vulnerabilities
+      lines.push(zh ? '### 已知漏洞检查' : '### Known Vulnerability Check')
+
+      if (currentVersion === 'unknown') {
+        lines.push(zh
+          ? '  ⚠️ 无法确定 OpenClaw 版本，请手动检查'
+          : '  ⚠️ Cannot determine OpenClaw version, please check manually')
+      } else {
+        const affected = KNOWN_VULNS.filter(v => compareVersions(currentVersion, v.affectedBelow) < 0)
+        if (affected.length === 0) {
+          lines.push(zh
+            ? '  ✅ 当前版本未发现已知漏洞'
+            : '  ✅ No known vulnerabilities for current version')
+        } else {
+          for (const vuln of affected) {
+            const icon = vuln.severity === 'CRITICAL' ? '🔴' : '🟡'
+            const desc = zh ? vuln.description_zh : vuln.description_en
+            lines.push(`  ${icon} **${vuln.id}** [${vuln.severity}]: ${desc}`)
+            lines.push(zh
+              ? `     影响版本: < ${vuln.affectedBelow} — 请升级 OpenClaw`
+              : `     Affected: < ${vuln.affectedBelow} — please upgrade OpenClaw`)
+          }
+        }
+      }
+      lines.push('')
+
+      // 4. Check Node.js version
+      lines.push(zh ? '### 运行环境' : '### Runtime Environment')
+      try {
+        const nodeVer = process.version
+        const major = parseInt(nodeVer.slice(1))
+        if (major < 22) {
+          lines.push(zh
+            ? `  ⚠️ Node.js ${nodeVer} — OpenClaw 要求 >= 22.12，请升级`
+            : `  ⚠️ Node.js ${nodeVer} — OpenClaw requires >= 22.12, please upgrade`)
+        } else {
+          lines.push(zh
+            ? `  ✅ Node.js ${nodeVer}`
+            : `  ✅ Node.js ${nodeVer}`)
+        }
+      } catch { /* skip */ }
+
+      lines.push(`  ${zh ? '平台' : 'Platform'}: ${process.platform} ${process.arch}`)
+      lines.push('')
+
+      // 5. Recommendations
+      lines.push('---')
+      lines.push(zh
+        ? '💡 **建议**: 定期运行 `/check-updates` 检查，及时升级到最新版本'
+        : '💡 **Tip**: Run `/check-updates` regularly, upgrade to latest versions promptly')
+      lines.push(zh
+        ? '📖 关注 OpenClaw 安全公告: https://github.com/nicepkg/openclaw/security'
+        : '📖 Follow OpenClaw security advisories: https://github.com/nicepkg/openclaw/security')
+
+      return { text: lines.join('\n') }
+    },
+  })
+}
+
+/**
+ * Compare two version strings like "2026.3.8" vs "2026.3.6"
+ * Returns: negative if a < b, 0 if equal, positive if a > b
+ */
+function compareVersions(a: string, b: string): number {
+  const pa = a.split('.').map(Number)
+  const pb = b.split('.').map(Number)
+  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
+    const diff = (pa[i] || 0) - (pb[i] || 0)
+    if (diff !== 0) return diff
+  }
+  return 0
+}