fix(qqbot): require auth for bot-approve

CHANGELOG.md

@@ -8,6 +8,7 @@ Docs: https://docs.openclaw.ai
 
 ### Fixes
 
+- QQBot/security: require framework auth for `/bot-approve` so unauthorized QQ senders cannot change exec approval settings through the unauthenticated pre-dispatch slash-command path. (#70706) Thanks @vincentkoc.
 - MCP/tools: stop the ACPX OpenClaw tools bridge from listing or invoking owner-only tools such as `cron`, closing a privilege-escalation path for non-owner MCP callers. (#70698) Thanks @vincentkoc.
 - Feishu/onboarding: load Feishu setup surfaces through a setup-only barrel so first-run setup no longer imports Feishu's Lark SDK before bundled runtime deps are staged. (#70339) Thanks @andrejtr.
 - WhatsApp/security: keep contact/vCard/location structured-object free text out of the inline message body and render it through fenced untrusted metadata JSON, limiting hidden prompt-injection payloads in names, phone fields, and location labels/comments.

extensions/qqbot/src/engine/commands/slash-commands-impl.test.ts

@@ -0,0 +1,8 @@
+import { describe, expect, it } from "vitest";
+import { getFrameworkCommands } from "./slash-commands-impl.js";
+
+describe("QQBot framework slash commands", () => {
+  it("routes bot-approve through the auth-gated framework registry", () => {
+    expect(getFrameworkCommands().map((command) => command.name)).toContain("bot-approve");
+  });
+});

extensions/qqbot/src/engine/commands/slash-commands-impl.ts

@@ -746,6 +746,7 @@ export function registerApproveRuntimeGetter(
 registerCommand({
   name: "bot-approve",
   description: "管理命令执行审批配置",
+  requireAuth: true,
   usage: [
     `/bot-approve            查看操作指引`,
     `/bot-approve on         开启审批（白名单模式，推荐）`,