shellward 0.3.4 → 0.5.0

package/src/auto-check.ts

@@ -0,0 +1,177 @@
+// src/auto-check.ts — 启动时自动安全检查，减少人为操作
+// 异步执行，不阻塞启动；发现问题时通过 logger 告警
+
+import { execSync } from 'child_process'
+import { existsSync, readFileSync, readdirSync } from 'fs'
+import { join } from 'path'
+import { getHomeDir } from './utils'
+import { fetchVulnDB, compareVersions } from './update-check'
+
+const OPENCLAW_DIR = join(getHomeDir(), '.openclaw')
+
+export interface AutoCheckResult {
+  openclawVulns: { id: string; severity: string; description: string }[]
+  pluginRisks: { plugin: string; risk: string }[]
+  mcpRisks: { config: string; risk: string }[]
+  rootWarning: boolean
+}
+
+const SUSPICIOUS_PATTERNS = [
+  { pattern: /eval\s*\(/, name: 'eval()' },
+  { pattern: /\/dev\/tcp|nc\s+-e|ncat/, name: 'reverse shell' },
+  { pattern: /webhook|exfil|callback.*http/i, name: 'data exfil' },
+]
+
+/**
+ * 获取 OpenClaw 版本
+ */
+function getOpenClawVersion(): string {
+  try {
+    const out = execSync('openclaw --version 2>&1', { timeout: 5000 }).toString().trim()
+    const match = out.match(/(\d{4}\.\d+\.\d+|\d+\.\d+\.\d+)/)
+    return match ? match[1] : 'unknown'
+  } catch {
+    return 'unknown'
+  }
+}
+
+/**
+ * 检查 OpenClaw 是否受已知漏洞影响
+ */
+async function checkOpenClawVulns(version: string): Promise<{ id: string; severity: string; description: string }[]> {
+  const vulns: { id: string; severity: string; description: string }[] = []
+  try {
+    const { vulns: db } = await fetchVulnDB()
+    const list = db.length > 0 ? db : [
+      { affectedBelow: '1.0.111', severity: 'HIGH' as const, id: 'CVE-2025-59536', description_zh: 'RCE via Hooks/MCP', description_en: 'RCE via Hooks/MCP' },
+      { affectedBelow: '2.0.65', severity: 'MEDIUM' as const, id: 'CVE-2026-21852', description_zh: 'API Key exfil', description_en: 'API Key exfil' },
+    ]
+    for (const v of list) {
+      if (version !== 'unknown' && compareVersions(version, v.affectedBelow) < 0) {
+        vulns.push({
+          id: v.id,
+          severity: v.severity || 'MEDIUM',
+          description: (v as any).description_zh || (v as any).description_en || v.id,
+        })
+      }
+    }
+  } catch { /* ignore */ }
+  return vulns
+}
+
+/**
+ * 快速扫描插件中的高风险模式
+ */
+function scanPluginsQuick(): { plugin: string; risk: string }[] {
+  const risks: { plugin: string; risk: string }[] = []
+  const dirs = [
+    join(OPENCLAW_DIR, 'extensions'),
+    join(OPENCLAW_DIR, 'plugins'),
+  ]
+  for (const dir of dirs) {
+    if (!existsSync(dir)) continue
+    try {
+      for (const name of readdirSync(dir)) {
+        const p = join(dir, name)
+        if (name.startsWith('.')) continue
+        try {
+          const files = readdirSync(p)
+          for (const f of files) {
+            if (!/\.(ts|js)$/.test(f)) continue
+            const content = readFileSync(join(p, f), 'utf-8').slice(0, 50000)
+            for (const { pattern, name: riskName } of SUSPICIOUS_PATTERNS) {
+              if (pattern.test(content)) {
+                risks.push({ plugin: name, risk: riskName })
+                break
+              }
+            }
+          }
+        } catch { /* skip */ }
+      }
+    } catch { /* skip */ }
+  }
+  return risks
+}
+
+/**
+ * 扫描 MCP 配置中的可疑项
+ */
+function scanMcpConfig(): { config: string; risk: string }[] {
+  const risks: { config: string; risk: string }[] = []
+  const configPaths = [
+    join(OPENCLAW_DIR, 'mcp.json'),
+    join(OPENCLAW_DIR, 'config', 'mcp.json'),
+    join(OPENCLAW_DIR, 'settings.json'),
+  ]
+  for (const p of configPaths) {
+    if (!existsSync(p)) continue
+    try {
+      const content = readFileSync(p, 'utf-8')
+      if (/webhook|exfil|callback|pastebin|requestbin/i.test(content)) {
+        risks.push({ config: p, risk: 'suspicious URL in config' })
+      }
+      if (/command.*:.*["'](?:curl|wget|nc)\s/i.test(content)) {
+        risks.push({ config: p, risk: 'network command in MCP' })
+      }
+    } catch { /* skip */ }
+  }
+  return risks
+}
+
+/**
+ * 执行全部自动检查，返回结果（供启动时告警用）
+ */
+export async function runAutoCheck(): Promise<AutoCheckResult> {
+  const ocVersion = getOpenClawVersion()
+  const [openclawVulns, pluginRisks, mcpRisks] = await Promise.all([
+    checkOpenClawVulns(ocVersion),
+    Promise.resolve(scanPluginsQuick()),
+    Promise.resolve(scanMcpConfig()),
+  ])
+  const rootWarning = typeof process.getuid === 'function' && process.getuid() === 0
+  return { openclawVulns, pluginRisks, mcpRisks, rootWarning }
+}
+
+/**
+ * 启动时执行检查，发现问题时通过 logger 告警
+ */
+export function runAutoCheckOnStartup(logger: { warn: (s: string) => void }, locale: 'zh' | 'en'): void {
+  runAutoCheck().then(result => {
+    const zh = locale === 'zh'
+    const lines: string[] = []
+
+    if (result.openclawVulns.length > 0) {
+      lines.push(zh ? '⚠️ OpenClaw 存在已知漏洞:' : '⚠️ OpenClaw has known vulnerabilities:')
+      for (const v of result.openclawVulns) {
+        lines.push(`  ${v.id} [${v.severity}]: ${v.description}`)
+      }
+      lines.push(zh ? '  请运行 /check-updates 查看详情并升级' : '  Run /check-updates for details and upgrade')
+    }
+
+    if (result.pluginRisks.length > 0) {
+      lines.push(zh ? '⚠️ 插件扫描发现可疑模式:' : '⚠️ Plugin scan found suspicious patterns:')
+      for (const r of result.pluginRisks.slice(0, 3)) {
+        lines.push(`  ${r.plugin}: ${r.risk}`)
+      }
+      if (result.pluginRisks.length > 3) {
+        lines.push(`  ... 共 ${result.pluginRisks.length} 项`)
+      }
+      lines.push(zh ? '  请运行 /scan-plugins 查看详情' : '  Run /scan-plugins for details')
+    }
+
+    if (result.mcpRisks.length > 0) {
+      lines.push(zh ? '⚠️ MCP 配置存在可疑项:' : '⚠️ Suspicious items in MCP config:')
+      for (const r of result.mcpRisks) {
+        lines.push(`  ${r.config}: ${r.risk}`)
+      }
+    }
+
+    if (result.rootWarning) {
+      lines.push(zh ? '⚠️ 正在以 root 运行，建议使用普通用户' : '⚠️ Running as root, consider using non-root user')
+    }
+
+    if (lines.length > 0) {
+      logger.warn('[ShellWard] 自动安全检查:\n' + lines.join('\n'))
+    }
+  }).catch(() => { /* 静默失败，不阻塞 */ })
+}

package/src/commands/audit.ts

@@ -2,10 +2,11 @@
 
 import { readFileSync, statSync } from 'fs'
 import { join } from 'path'
+import { getHomeDir } from '../utils'
 import type { ShellWardConfig } from '../types'
 import { resolveLocale } from '../types'
 
-const LOG_FILE = join(process.env.HOME || '~', '.openclaw', 'shellward', 'audit.jsonl')
+const LOG_FILE = join(getHomeDir(), '.openclaw', 'shellward', 'audit.jsonl')
 
 export function registerAuditCommand(api: any, config: ShellWardConfig) {
   const locale = resolveLocale(config)
@@ -13,8 +14,8 @@ export function registerAuditCommand(api: any, config: ShellWardConfig) {
   api.registerCommand({
     name: 'audit',
     description: locale === 'zh'
-      ? '📋 查看 ShellWard 审计日志 (用法: /audit [数量] [block|redact|critical])'
-      : '📋 View ShellWard audit log (usage: /audit [count] [block|redact|critical])',
+      ? '📋 查看 ShellWard 审计日志 (用法: /audit [数量] [block|audit|critical])'
+      : '📋 View ShellWard audit log (usage: /audit [count] [block|audit|critical])',
     acceptsArgs: true,
     handler: (ctx: any) => {
       const zh = locale === 'zh'
@@ -43,6 +44,8 @@ export function registerAuditCommand(api: any, config: ShellWardConfig) {
       // Apply filter
       if (filter === 'block') {
         lines = lines.filter(l => l.includes('"action":"block"'))
+      } else if (filter === 'audit') {
+        lines = lines.filter(l => l.includes('"action":"audit"'))
       } else if (filter === 'redact') {
         lines = lines.filter(l => l.includes('"action":"redact"'))
       } else if (filter === 'critical') {
@@ -65,7 +68,7 @@ export function registerAuditCommand(api: any, config: ShellWardConfig) {
       const formatted = recent.map(line => {
         try {
           const e = JSON.parse(line)
-          const icon = e.action === 'block' ? '🚫' : e.action === 'redact' ? '🔒' : e.level === 'CRITICAL' ? '🔴' : 'ℹ️'
+          const icon = e.action === 'block' ? '🚫' : e.action === 'audit' ? '📋' : e.action === 'redact' ? '🔒' : e.level === 'CRITICAL' ? '🔴' : 'ℹ️'
           const time = e.ts?.slice(11, 19) || '??:??:??'
           return `${icon} \`${time}\` **${e.layer}** ${e.action}: ${e.detail?.slice(0, 80) || ''}${e.pattern ? ` [${e.pattern}]` : ''}`
         } catch {

package/src/commands/check-updates.ts

@@ -1,34 +1,35 @@
-// src/commands/check-updates.ts — /check-updates: check OpenClaw version and known vulnerabilities
+// src/commands/check-updates.ts — /check-updates: check versions + remote vulnerability DB
 
 import { execSync } from 'child_process'
 import { existsSync, readFileSync } from 'fs'
 import { join } from 'path'
 import type { ShellWardConfig } from '../types'
 import { resolveLocale } from '../types'
+import { checkForUpdate, fetchVulnDB, compareVersions } from '../update-check'
 
-// Known vulnerability database (hardcoded, updated with plugin releases)
-// Format: { version_range, severity, cve, description_zh, description_en }
-const KNOWN_VULNS = [
+// Local fallback vulnerability database (used when remote fetch fails)
+// Contains only CVE-assigned vulnerabilities as minimum baseline
+const LOCAL_VULNS = [
   {
-    affectedBelow: '2026.3.6',
-    severity: 'HIGH',
-    id: 'CG-2026-001',
-    description_zh: 'tool_result_persist hook 可被绕过泄露敏感数据',
-    description_en: 'tool_result_persist hook bypass may leak sensitive data',
+    affectedBelow: '1.0.111',
+    severity: 'HIGH' as const,
+    id: 'CVE-2025-59536',
+    description_zh: '远程代码执行：恶意仓库通过 Hooks 和 MCP Server 在信任提示前执行任意命令 (CVSS 8.7)',
+    description_en: 'RCE via Hooks and MCP Server bypass — arbitrary shell execution before trust dialog (CVSS 8.7)',
   },
   {
-    affectedBelow: '2026.3.4',
-    severity: 'CRITICAL',
-    id: 'CG-2026-002',
-    description_zh: '插件系统缺少签名验证，可加载恶意插件',
-    description_en: 'Plugin system lacks signature verification, allows malicious plugins',
+    affectedBelow: '2.0.65',
+    severity: 'MEDIUM' as const,
+    id: 'CVE-2026-21852',
+    description_zh: 'API 密钥泄露：恶意仓库通过 settings.json 设置 ANTHROPIC_BASE_URL 窃取用户 API Key (CVSS 5.3)',
+    description_en: 'API key exfiltration via ANTHROPIC_BASE_URL in settings.json before trust prompt (CVSS 5.3)',
   },
   {
-    affectedBelow: '2026.3.2',
-    severity: 'HIGH',
-    id: 'CG-2026-003',
-    description_zh: 'Gateway 默认绑定 0.0.0.0，未认证即可远程执行',
-    description_en: 'Gateway binds 0.0.0.0 by default, allows unauthenticated remote execution',
+    affectedBelow: '2026.2.7',
+    severity: 'HIGH' as const,
+    id: 'GHSA-ff64-7w26-62rf',
+    description_zh: '沙箱逃逸：通过 settings.json 持久化配置注入',
+    description_en: 'Sandbox escape via persistent configuration injection in settings.json',
   },
 ]
 
@@ -38,10 +39,10 @@ export function registerCheckUpdatesCommand(api: any, config: ShellWardConfig) {
   api.registerCommand({
     name: 'check-updates',
     description: locale === 'zh'
-      ? '🔄 检查 OpenClaw 版本和已知漏洞'
-      : '🔄 Check OpenClaw version and known vulnerabilities',
+      ? '🔄 检查版本更新和已知漏洞（支持远程漏洞库）'
+      : '🔄 Check for updates and known vulnerabilities (remote vuln DB)',
     acceptsArgs: false,
-    handler: () => {
+    handler: async () => {
       const zh = locale === 'zh'
       const lines: string[] = []
 
@@ -49,20 +50,19 @@ export function registerCheckUpdatesCommand(api: any, config: ShellWardConfig) {
       lines.push('')
 
       // 1. Get OpenClaw version
-      let currentVersion = 'unknown'
+      let openclawVersion = 'unknown'
       try {
         const out = execSync('openclaw --version 2>&1', { timeout: 5000 }).toString().trim()
-        // Extract version like "2026.3.8"
         const match = out.match(/(\d{4}\.\d+\.\d+)/)
-        if (match) currentVersion = match[1]
+        if (match) openclawVersion = match[1]
       } catch { /* skip */ }
 
       lines.push(zh
-        ? `### OpenClaw 版本: ${currentVersion}`
-        : `### OpenClaw Version: ${currentVersion}`)
+        ? `### OpenClaw 版本: ${openclawVersion}`
+        : `### OpenClaw Version: ${openclawVersion}`)
       lines.push('')
 
-      // 2. Check ShellWard version
+      // 2. Check ShellWard version + available update
       let shellwardVersion = 'unknown'
       try {
         const pkgPath = join(__dirname, '../../package.json')
@@ -75,17 +75,45 @@ export function registerCheckUpdatesCommand(api: any, config: ShellWardConfig) {
       lines.push(zh
         ? `### ShellWard 版本: ${shellwardVersion}`
         : `### ShellWard Version: ${shellwardVersion}`)
+
+      // Check for ShellWard update from npm
+      try {
+        const updateInfo = await checkForUpdate(shellwardVersion)
+        if (updateInfo?.updateAvailable) {
+          lines.push(zh
+            ? `  🆕 **新版本 v${updateInfo.latest} 可用！** 运行 \`openclaw plugins update shellward\` 更新`
+            : `  🆕 **v${updateInfo.latest} available!** Run \`openclaw plugins update shellward\` to update`)
+        } else if (updateInfo) {
+          lines.push(zh ? '  ✅ 已是最新版本' : '  ✅ Up to date')
+        }
+      } catch { /* skip */ }
       lines.push('')
 
-      // 3. Check known vulnerabilities
+      // 3. Check known vulnerabilities (remote DB with local fallback)
       lines.push(zh ? '### 已知漏洞检查' : '### Known Vulnerability Check')
 
-      if (currentVersion === 'unknown') {
+      let vulnDB = LOCAL_VULNS
+      let alerts: { id: string; severity: string; date: string; description_zh: string; description_en: string }[] = []
+      let dbSource = 'local'
+      try {
+        const remote = await fetchVulnDB()
+        if (remote.vulns.length > 0) {
+          vulnDB = remote.vulns
+          dbSource = 'remote'
+        }
+        alerts = remote.alerts || []
+      } catch { /* use local */ }
+
+      lines.push(zh
+        ? `  数据源: ${dbSource === 'remote' ? `远程漏洞库 (GitHub) — ${vulnDB.length} 条记录` : '本地内置数据库'}`
+        : `  Source: ${dbSource === 'remote' ? `Remote vuln DB (GitHub) — ${vulnDB.length} entries` : 'Local built-in database'}`)
+
+      if (openclawVersion === 'unknown') {
         lines.push(zh
           ? '  ⚠️ 无法确定 OpenClaw 版本，请手动检查'
           : '  ⚠️ Cannot determine OpenClaw version, please check manually')
       } else {
-        const affected = KNOWN_VULNS.filter(v => compareVersions(currentVersion, v.affectedBelow) < 0)
+        const affected = vulnDB.filter(v => compareVersions(openclawVersion, v.affectedBelow) < 0)
         if (affected.length === 0) {
           lines.push(zh
             ? '  ✅ 当前版本未发现已知漏洞'
@@ -96,11 +124,22 @@ export function registerCheckUpdatesCommand(api: any, config: ShellWardConfig) {
             const desc = zh ? vuln.description_zh : vuln.description_en
             lines.push(`  ${icon} **${vuln.id}** [${vuln.severity}]: ${desc}`)
             lines.push(zh
-              ? `     影响版本: < ${vuln.affectedBelow} — 请升级 OpenClaw`
-              : `     Affected: < ${vuln.affectedBelow} — please upgrade OpenClaw`)
+              ? `     影响版本: < ${vuln.affectedBelow} — 请升级`
+              : `     Affected: < ${vuln.affectedBelow} — please upgrade`)
           }
         }
       }
+
+      // Supply chain alerts
+      if (alerts.length > 0) {
+        lines.push('')
+        lines.push(zh ? '### 供应链安全警告' : '### Supply Chain Alerts')
+        for (const alert of alerts) {
+          const icon = alert.severity === 'CRITICAL' ? '🔴' : '🟡'
+          const desc = zh ? alert.description_zh : alert.description_en
+          lines.push(`  ${icon} **${alert.id}** [${alert.date}]: ${desc}`)
+        }
+      }
       lines.push('')
 
       // 4. Check Node.js version
@@ -135,17 +174,3 @@ export function registerCheckUpdatesCommand(api: any, config: ShellWardConfig) {
     },
   })
 }
-
-/**
- * Compare two version strings like "2026.3.8" vs "2026.3.6"
- * Returns: negative if a < b, 0 if equal, positive if a > b
- */
-function compareVersions(a: string, b: string): number {
-  const pa = a.split('.').map(Number)
-  const pb = b.split('.').map(Number)
-  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
-    const diff = (pa[i] || 0) - (pb[i] || 0)
-    if (diff !== 0) return diff
-  }
-  return 0
-}

package/src/commands/harden.ts

@@ -6,7 +6,8 @@ import { execSync } from 'child_process'
 import type { ShellWardConfig } from '../types'
 import { resolveLocale } from '../types'
 
-const HOME = process.env.HOME || '~'
+import { getHomeDir } from '../utils'
+const HOME = getHomeDir()
 
 export function registerHardenCommand(api: any, config: ShellWardConfig) {
   const locale = resolveLocale(config)
@@ -171,6 +172,43 @@ export function registerHardenCommand(api: any, config: ShellWardConfig) {
       }
       lines.push('')
 
+      // === 5. One-click scripts ===
+      lines.push(zh ? '### 一键安全脚本' : '### One-click Security Scripts')
+
+      // Dockerfile
+      lines.push(zh ? '**容器隔离** — 复制以下 Dockerfile:' : '**Container isolation** — copy this Dockerfile:')
+      lines.push('```dockerfile')
+      lines.push('FROM node:22-slim')
+      lines.push('RUN useradd -m -s /bin/bash openclaw')
+      lines.push('USER openclaw')
+      lines.push('WORKDIR /home/openclaw')
+      lines.push('RUN npm install -g openclaw')
+      lines.push('COPY .env .env')
+      lines.push('EXPOSE 19000')
+      lines.push('CMD ["openclaw", "agent", "--local"]')
+      lines.push('```')
+      lines.push(zh
+        ? '运行: `docker build -t openclaw-safe . && docker run --rm -it openclaw-safe`'
+        : 'Run: `docker build -t openclaw-safe . && docker run --rm -it openclaw-safe`')
+      lines.push('')
+
+      // Firewall
+      lines.push(zh ? '**防火墙限制** — 仅允许必要出站:' : '**Firewall** — allow only necessary outbound:')
+      lines.push('```bash')
+      lines.push('# 只允许 HTTPS 出站（API 调用），禁止其他出站')
+      lines.push('sudo iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT')
+      lines.push('sudo iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT')
+      lines.push('sudo iptables -A OUTPUT -p udp --dport 53 -j ACCEPT  # DNS')
+      lines.push('sudo iptables -A OUTPUT -o lo -j ACCEPT               # localhost')
+      lines.push('sudo iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT')
+      lines.push('sudo iptables -A OUTPUT -j LOG --log-prefix "BLOCKED: "')
+      lines.push('sudo iptables -A OUTPUT -j DROP')
+      lines.push('```')
+      lines.push(zh
+        ? '⚠️ 执行前请确认不会影响其他服务'
+        : '⚠️ Review before applying — may affect other services')
+      lines.push('')
+
       // === Summary ===
       lines.push('---')
       if (issues.length === 0) {

package/src/commands/index.ts

@@ -7,6 +7,7 @@ import { registerAuditCommand } from './audit'
 import { registerHardenCommand } from './harden'
 import { registerScanPluginsCommand } from './scan-plugins'
 import { registerCheckUpdatesCommand } from './check-updates'
+import { registerUpgradeOpenClawCommand } from './upgrade-openclaw'
 
 export function registerAllCommands(api: any, config: ShellWardConfig) {
   const locale = resolveLocale(config)
@@ -17,6 +18,7 @@ export function registerAllCommands(api: any, config: ShellWardConfig) {
   registerHardenCommand(api, config)
   registerScanPluginsCommand(api, config)
   registerCheckUpdatesCommand(api, config)
+  registerUpgradeOpenClawCommand(api, config)
 
   // Register /cg shortcut with help
   api.registerCommand({
@@ -31,23 +33,25 @@ export function registerAllCommands(api: any, config: ShellWardConfig) {
 | 命令 | 说明 |
 |------|------|
 | \`/security\` | 安全状态总览（防御层、审计统计、系统检查） |
-| \`/audit [数量] [过滤]\` | 查看审计日志 (过滤: block/redact/critical/high) |
+| \`/audit [数量] [过滤]\` | 查看审计日志 (过滤: block/audit/critical/high) |
 | \`/harden\` | 安全扫描 · \`/harden fix\` 自动修复权限 |
 | \`/scan-plugins\` | 扫描已安装插件的安全风险 |
 | \`/check-updates\` | 检查 OpenClaw 版本和已知漏洞 |
+| \`/upgrade-openclaw\` | 一键升级 OpenClaw · \`/upgrade-openclaw yes\` 直接执行 |
 
 **当前防御层 (8层):**
-L1 提示注入 · L2 输出脱敏 · L3 工具拦截 · L4 注入检测
-L5 安全门 · L6 回复脱敏 · L7 数据流监控 · L8 会话安全`
+L1 提示注入 · L2 输出审计 · L3 工具拦截 · L4 注入检测
+L5 安全门 · L6 回复审计 · L7 数据流监控 · L8 会话安全`
         : `🛡️ **ShellWard Quick Commands**
 
 | Command | Description |
 |---------|-------------|
 | \`/security\` | Security status overview (layers, audit stats, system checks) |
-| \`/audit [count] [filter]\` | View audit log (filter: block/redact/critical/high) |
+| \`/audit [count] [filter]\` | View audit log (filter: block/audit/critical/high) |
 | \`/harden\` | Security scan · \`/harden fix\` to auto-fix permissions |
 | \`/scan-plugins\` | Scan installed plugins for security risks |
 | \`/check-updates\` | Check OpenClaw version and known vulnerabilities |
+| \`/upgrade-openclaw\` | Upgrade OpenClaw · \`/upgrade-openclaw yes\` to execute |
 
 **Active Defense Layers (8):**
 L1 Prompt Guard · L2 Output Scanner · L3 Tool Blocker · L4 Input Auditor

package/src/commands/scan-plugins.ts

@@ -5,7 +5,8 @@ import { join } from 'path'
 import type { ShellWardConfig } from '../types'
 import { resolveLocale } from '../types'
 
-const HOME = process.env.HOME || '~'
+import { getHomeDir } from '../utils'
+const HOME = getHomeDir()
 const OPENCLAW_DIR = join(HOME, '.openclaw')
 
 // Known suspicious patterns in plugin code
@@ -74,6 +75,7 @@ export function registerScanPluginsCommand(api: any, config: ShellWardConfig) {
       lines.push('')
 
       let totalRisks = 0
+      const riskyPluginNames = new Set<string>()
 
       for (const plugin of pluginDirs) {
         const risks: string[] = []
@@ -113,9 +115,9 @@ export function registerScanPluginsCommand(api: any, config: ShellWardConfig) {
           try {
             const content = readFileSync(file, 'utf-8')
             for (const rule of SUSPICIOUS_PATTERNS) {
-              if (rule.pattern.test(content)) {
-                // Reset lastIndex for global regexes
-                rule.pattern.lastIndex = 0
+              // Use fresh regex to avoid lastIndex state issues with global patterns
+              const regex = new RegExp(rule.pattern.source, rule.pattern.flags)
+              if (regex.test(content)) {
                 const relPath = file.replace(plugin.path + '/', '')
                 risks.push(zh
                   ? `⚠️ ${relPath}: ${rule.name} (${rule.risk})`
@@ -147,11 +149,14 @@ export function registerScanPluginsCommand(api: any, config: ShellWardConfig) {
             lines.push(`  ${risk}`)
             totalRisks++
           }
+          if (risks.some(r => r.startsWith('🔴') || (r.startsWith('⚠️') && !r.includes('签名') && !r.includes('signature') && !r.includes('依赖') && !r.includes('deps')))) {
+            riskyPluginNames.add(plugin.name)
+          }
         }
         lines.push('')
       }
 
-      // Summary
+      // Summary + removal commands
       lines.push('---')
       if (totalRisks === 0) {
         lines.push(zh ? '✅ **所有插件扫描通过**' : '✅ **All plugins passed scan**')
@@ -159,6 +164,17 @@ export function registerScanPluginsCommand(api: any, config: ShellWardConfig) {
         lines.push(zh
           ? `⚠️ **发现 ${totalRisks} 个潜在风险** — 请审查标记的插件`
           : `⚠️ **${totalRisks} potential risks found** — review flagged plugins`)
+
+        if (riskyPluginNames.size > 0) {
+          lines.push('')
+          lines.push(zh ? '**一键移除高风险插件** — 复制执行:' : '**Remove risky plugins** — copy & run:')
+          lines.push('```bash')
+          for (const name of riskyPluginNames) {
+            lines.push(`openclaw plugins uninstall ${name}`)
+          }
+          lines.push('```')
+        }
+
         lines.push(zh
           ? '💡 建议: 仅从可信渠道安装插件，定期运行 `/scan-plugins` 检查'
           : '💡 Tip: Only install plugins from trusted sources, run `/scan-plugins` regularly')

package/src/commands/security.ts

@@ -3,10 +3,11 @@
 import { readFileSync, statSync, existsSync, readdirSync } from 'fs'
 import { join } from 'path'
 import { execSync } from 'child_process'
+import { getHomeDir } from '../utils'
 import type { ShellWardConfig } from '../types'
 import { resolveLocale } from '../types'
 
-const LOG_DIR = join(process.env.HOME || '~', '.openclaw', 'shellward')
+const LOG_DIR = join(getHomeDir(), '.openclaw', 'shellward')
 const LOG_FILE = join(LOG_DIR, 'audit.jsonl')
 
 export function registerSecurityCommand(api: any, config: ShellWardConfig) {
@@ -33,6 +34,9 @@ export function registerSecurityCommand(api: any, config: ShellWardConfig) {
         ['L3 Tool Blocker', config.layers.toolBlocker],
         ['L4 Input Auditor', config.layers.inputAuditor],
         ['L5 Security Gate', config.layers.securityGate],
+        ['L6 Outbound Guard', config.layers.outboundGuard],
+        ['L7 Data Flow Guard', config.layers.dataFlowGuard],
+        ['L8 Session Guard', config.layers.sessionGuard],
       ]
       for (const [name, enabled] of layers) {
         lines.push(`  ${enabled ? '✅' : '❌'} ${name}`)
@@ -54,15 +58,15 @@ export function registerSecurityCommand(api: any, config: ShellWardConfig) {
         const allLines = content.trim().split('\n').filter(Boolean)
         const total = allLines.length
         let blocks = 0
-        let redacts = 0
+        let audits = 0
         let criticals = 0
         for (const line of allLines) {
           if (line.includes('"action":"block"')) blocks++
-          if (line.includes('"action":"redact"')) redacts++
+          if (line.includes('"action":"audit"')) audits++
           if (line.includes('"level":"CRITICAL"')) criticals++
         }
         lines.push(`  ${zh ? '总事件' : 'Total events'}: ${total}`)
-        lines.push(`  ${zh ? '拦截' : 'Blocked'}: ${blocks} | ${zh ? '脱敏' : 'Redacted'}: ${redacts} | ${zh ? '严重' : 'Critical'}: ${criticals}`)
+        lines.push(`  ${zh ? '拦截' : 'Blocked'}: ${blocks} | ${zh ? '审计' : 'Audited'}: ${audits} | ${zh ? '严重' : 'Critical'}: ${criticals}`)
       } catch {
         lines.push(zh ? '  ⚠️ 日志文件不存在' : '  ⚠️ Log file not found')
       }