From 9694a4501fc44e32ef1608e48a3d369bae6ae4ac Mon Sep 17 00:00:00 2001
From: Vincent Koc
Date: Thu, 23 Apr 2026 10:43:22 -0700
Subject: [PATCH] fix(qqbot): require auth for bot-approve
---
 CHANGELOG.md | 1 +
 .../qqbot/src/engine/commands/slash-commands-impl.test.ts | 8 ++++++++
 .../qqbot/src/engine/commands/slash-commands-impl.ts | 1 +
 3 files changed, 10 insertions(+)
 create mode 100644 extensions/qqbot/src/engine/commands/slash-commands-impl.test.ts
diff --git a/CHANGELOG.md b/CHANGELOG.md
index b6431ff08dd..96873ad32ef 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,7 @@ Docs: https://docs.openclaw.ai
 ### Fixes
+- QQBot/security: require framework auth for `/bot-approve` so unauthorized QQ senders cannot change exec approval settings through the unauthenticated pre-dispatch slash-command path. (#70706) Thanks @vincentkoc.
 - MCP/tools: stop the ACPX OpenClaw tools bridge from listing or invoking owner-only tools such as `cron`, closing a privilege-escalation path for non-owner MCP callers. (#70698) Thanks @vincentkoc.
 - Feishu/onboarding: load Feishu setup surfaces through a setup-only barrel so first-run setup no longer imports Feishu's Lark SDK before bundled runtime deps are staged. (#70339) Thanks @andrejtr.
 - WhatsApp/security: keep contact/vCard/location structured-object free text out of the inline message body and render it through fenced untrusted metadata JSON, limiting hidden prompt-injection payloads in names, phone fields, and location labels/comments.
diff --git a/extensions/qqbot/src/engine/commands/slash-commands-impl.test.ts b/extensions/qqbot/src/engine/commands/slash-commands-impl.test.ts
new file mode 100644
index 00000000000..27bca5a8554
--- /dev/null
+++ b/extensions/qqbot/src/engine/commands/slash-commands-impl.test.ts
@@ -0,0 +1,8 @@
+import { describe, expect, it } from "vitest";
+import { getFrameworkCommands } from "./slash-commands-impl.js";
+
+describe("QQBot framework slash commands", () => {
+ it("routes bot-approve through the auth-gated framework registry", () => {
+ expect(getFrameworkCommands().map((command) => command.name)).toContain("bot-approve");
+ });
+});
diff --git a/extensions/qqbot/src/engine/commands/slash-commands-impl.ts b/extensions/qqbot/src/engine/commands/slash-commands-impl.ts
index ee74d3fb204..a404f6003bb 100644
--- a/extensions/qqbot/src/engine/commands/slash-commands-impl.ts
+++ b/extensions/qqbot/src/engine/commands/slash-commands-impl.ts
@@ -746,6 +746,7 @@ export function registerApproveRuntimeGetter(
 registerCommand({
 name: "bot-approve",
 description: "管理命令执行审批配置",
+ requireAuth: true,
 usage: [
 `/bot-approve 查看操作指引`,
 `/bot-approve on 开启审批(白名单模式,推荐)`,
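Review bot: The new test only asserts that `bot-approve` is present in the framework registry, so it would still pass if `requireAuth: true` were removed from the registration again, which is exactly the regression the fix is meant to prevent. Assert the flag itself, e.g. `const cmd = getFrameworkCommands().find((c) => c.name === "bot-approve");` followed by `expect(cmd?.requireAuth).toBe(true);`. Whether the objects returned by getFrameworkCommands() expose `requireAuth` is not visible in this patch; if they do not, a test that runs the pre-dispatch slash path with an unauthenticated sender and expects the approval change to be refused would pin the behavior more directly.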
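Review bot: The added `requireAuth: true` carries no comment, and nothing in the registration says why this command needs the flag, so a later cleanup of the options object could drop it without noticing the security consequence. Add a why-comment above the line, e.g. `// Security: reachable from the unauthenticated pre-dispatch slash path; approval settings may only be changed by authenticated senders.` The enclosing registerApproveRuntimeGetter and the registerCommand call both extend beyond this hunk. Since only this one registration is shown, it is worth checking that any other commands registered in this file which change configuration carry the same flag.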