vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-05 07:40:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactor: rename to openclaw

Browse Source
This commit is contained in:
Peter Steinberger
2026-01-30 03:15:10 +01:00
parent 4583f88626
commit 9a7160786a
2357 changed files with 16688 additions and 16788 deletions
Download Patch File Download Diff File Expand all files Collapse all files

192
src/security/audit.test.ts
View File

@@ -1,6 +1,6 @@
import { afterEach, beforeEach, describe, expect, it } from "vitest";
import type { MoltbotConfig } from "../config/config.js";
import type { OpenClawConfig } from "../config/config.js";
import type { ChannelPlugin } from "../channels/plugins/types.js";
import { runSecurityAudit } from "./audit.js";
import { discordPlugin } from "../../extensions/discord/src/channel.js";
@@ -14,7 +14,7 @@ const isWindows = process.platform === "win32";
describe("security audit", () => {
it("includes an attack surface summary (info)", async () => {
const cfg: MoltbotConfig = {
const cfg: OpenClawConfig = {
channels: { whatsapp: { groupPolicy: "open" }, telegram: { groupPolicy: "allowlist" } },
tools: { elevated: { enabled: true, allowFrom: { whatsapp: ["+1"] } } },
hooks: { enabled: true },
@@ -35,7 +35,7 @@ describe("security audit", () => {
});
it("flags non-loopback bind without auth as critical", async () => {
const cfg: MoltbotConfig = {
const cfg: OpenClawConfig = {
gateway: {
bind: "lan",
auth: {},
@@ -55,7 +55,7 @@ describe("security audit", () => {
});
it("warns when loopback control UI lacks trusted proxies", async () => {
const cfg: MoltbotConfig = {
const cfg: OpenClawConfig = {
gateway: {
bind: "loopback",
controlUi: { enabled: true },
@@ -79,7 +79,7 @@ describe("security audit", () => {
});
it("flags loopback control UI without auth as critical", async () => {
const cfg: MoltbotConfig = {
const cfg: OpenClawConfig = {
gateway: {
bind: "loopback",
controlUi: { enabled: true },
@@ -105,7 +105,7 @@ describe("security audit", () => {
});
it("flags logging.redactSensitive=off", async () => {
const cfg: MoltbotConfig = {
const cfg: OpenClawConfig = {
logging: { redactSensitive: "off" },
};
@@ -123,10 +123,10 @@ describe("security audit", () => {
});
it("treats Windows ACL-only perms as secure", async () => {
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "moltbot-security-audit-win-"));
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-security-audit-win-"));
const stateDir = path.join(tmp, "state");
await fs.mkdir(stateDir, { recursive: true });
const configPath = path.join(stateDir, "moltbot.json");
const configPath = path.join(stateDir, "openclaw.json");
await fs.writeFile(configPath, "{}\n", "utf-8");
const user = "DESKTOP-TEST\\Tester";
@@ -160,10 +160,10 @@ describe("security audit", () => {
});
it("flags Windows ACLs when Users can read the state dir", async () => {
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "moltbot-security-audit-win-open-"));
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-security-audit-win-open-"));
const stateDir = path.join(tmp, "state");
await fs.mkdir(stateDir, { recursive: true });
const configPath = path.join(stateDir, "moltbot.json");
const configPath = path.join(stateDir, "openclaw.json");
await fs.writeFile(configPath, "{}\n", "utf-8");
const user = "DESKTOP-TEST\\Tester";
@@ -200,7 +200,7 @@ describe("security audit", () => {
});
it("warns when small models are paired with web/browser tools", async () => {
const cfg: MoltbotConfig = {
const cfg: OpenClawConfig = {
agents: { defaults: { model: { primary: "ollama/mistral-8b" } } },
tools: {
web: {
@@ -226,7 +226,7 @@ describe("security audit", () => {
});
it("treats small models as safe when sandbox is on and web tools are disabled", async () => {
const cfg: MoltbotConfig = {
const cfg: OpenClawConfig = {
agents: { defaults: { model: { primary: "ollama/mistral-8b" }, sandbox: { mode: "all" } } },
tools: {
web: {
@@ -250,7 +250,7 @@ describe("security audit", () => {
});
it("flags tools.elevated allowFrom wildcard as critical", async () => {
const cfg: MoltbotConfig = {
const cfg: OpenClawConfig = {
tools: {
elevated: {
allowFrom: { whatsapp: ["*"] },
@@ -275,7 +275,7 @@ describe("security audit", () => {
});
it("warns when remote CDP uses HTTP", async () => {
const cfg: MoltbotConfig = {
const cfg: OpenClawConfig = {
browser: {
profiles: {
remote: { cdpUrl: "http://example.com:9222", color: "#0066CC" },
@@ -297,7 +297,7 @@ describe("security audit", () => {
});
it("warns when control UI allows insecure auth", async () => {
const cfg: MoltbotConfig = {
const cfg: OpenClawConfig = {
gateway: {
controlUi: { allowInsecureAuth: true },
},
@@ -320,7 +320,7 @@ describe("security audit", () => {
});
it("warns when control UI device auth is disabled", async () => {
const cfg: MoltbotConfig = {
const cfg: OpenClawConfig = {
gateway: {
controlUi: { dangerouslyDisableDeviceAuth: true },
},
@@ -343,7 +343,7 @@ describe("security audit", () => {
});
it("warns when multiple DM senders share the main session", async () => {
const cfg: MoltbotConfig = { session: { dmScope: "main" } };
const cfg: OpenClawConfig = { session: { dmScope: "main" } };
const plugins: ChannelPlugin[] = [
{
id: "whatsapp",
@@ -391,12 +391,12 @@ describe("security audit", () => {
});
it("flags Discord native commands without a guild user allowlist", async () => {
const prevStateDir = process.env.CLAWDBOT_STATE_DIR;
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "moltbot-security-audit-discord-"));
process.env.CLAWDBOT_STATE_DIR = tmp;
const prevStateDir = process.env.OPENCLAW_STATE_DIR;
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-security-audit-discord-"));
process.env.OPENCLAW_STATE_DIR = tmp;
await fs.mkdir(path.join(tmp, "credentials"), { recursive: true, mode: 0o700 });
try {
const cfg: MoltbotConfig = {
const cfg: OpenClawConfig = {
channels: {
discord: {
enabled: true,
@@ -429,20 +429,20 @@ describe("security audit", () => {
]),
);
} finally {
if (prevStateDir == null) delete process.env.CLAWDBOT_STATE_DIR;
else process.env.CLAWDBOT_STATE_DIR = prevStateDir;
if (prevStateDir == null) delete process.env.OPENCLAW_STATE_DIR;
else process.env.OPENCLAW_STATE_DIR = prevStateDir;
}
});
it("does not flag Discord slash commands when dm.allowFrom includes a Discord snowflake id", async () => {
const prevStateDir = process.env.CLAWDBOT_STATE_DIR;
const prevStateDir = process.env.OPENCLAW_STATE_DIR;
const tmp = await fs.mkdtemp(
path.join(os.tmpdir(), "moltbot-security-audit-discord-allowfrom-snowflake-"),
path.join(os.tmpdir(), "openclaw-security-audit-discord-allowfrom-snowflake-"),
);
process.env.CLAWDBOT_STATE_DIR = tmp;
process.env.OPENCLAW_STATE_DIR = tmp;
await fs.mkdir(path.join(tmp, "credentials"), { recursive: true, mode: 0o700 });
try {
const cfg: MoltbotConfig = {
const cfg: OpenClawConfig = {
channels: {
discord: {
enabled: true,
@@ -475,18 +475,18 @@ describe("security audit", () => {
]),
);
} finally {
if (prevStateDir == null) delete process.env.CLAWDBOT_STATE_DIR;
else process.env.CLAWDBOT_STATE_DIR = prevStateDir;
if (prevStateDir == null) delete process.env.OPENCLAW_STATE_DIR;
else process.env.OPENCLAW_STATE_DIR = prevStateDir;
}
});
it("flags Discord slash commands when access-group enforcement is disabled and no users allowlist exists", async () => {
const prevStateDir = process.env.CLAWDBOT_STATE_DIR;
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "moltbot-security-audit-discord-open-"));
process.env.CLAWDBOT_STATE_DIR = tmp;
const prevStateDir = process.env.OPENCLAW_STATE_DIR;
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-security-audit-discord-open-"));
process.env.OPENCLAW_STATE_DIR = tmp;
await fs.mkdir(path.join(tmp, "credentials"), { recursive: true, mode: 0o700 });
try {
const cfg: MoltbotConfig = {
const cfg: OpenClawConfig = {
commands: { useAccessGroups: false },
channels: {
discord: {
@@ -520,18 +520,18 @@ describe("security audit", () => {
]),
);
} finally {
if (prevStateDir == null) delete process.env.CLAWDBOT_STATE_DIR;
else process.env.CLAWDBOT_STATE_DIR = prevStateDir;
if (prevStateDir == null) delete process.env.OPENCLAW_STATE_DIR;
else process.env.OPENCLAW_STATE_DIR = prevStateDir;
}
});
it("flags Slack slash commands without a channel users allowlist", async () => {
const prevStateDir = process.env.CLAWDBOT_STATE_DIR;
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "moltbot-security-audit-slack-"));
process.env.CLAWDBOT_STATE_DIR = tmp;
const prevStateDir = process.env.OPENCLAW_STATE_DIR;
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-security-audit-slack-"));
process.env.OPENCLAW_STATE_DIR = tmp;
await fs.mkdir(path.join(tmp, "credentials"), { recursive: true, mode: 0o700 });
try {
const cfg: MoltbotConfig = {
const cfg: OpenClawConfig = {
channels: {
slack: {
enabled: true,
@@ -559,18 +559,18 @@ describe("security audit", () => {
]),
);
} finally {
if (prevStateDir == null) delete process.env.CLAWDBOT_STATE_DIR;
else process.env.CLAWDBOT_STATE_DIR = prevStateDir;
if (prevStateDir == null) delete process.env.OPENCLAW_STATE_DIR;
else process.env.OPENCLAW_STATE_DIR = prevStateDir;
}
});
it("flags Slack slash commands when access-group enforcement is disabled", async () => {
const prevStateDir = process.env.CLAWDBOT_STATE_DIR;
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "moltbot-security-audit-slack-open-"));
process.env.CLAWDBOT_STATE_DIR = tmp;
const prevStateDir = process.env.OPENCLAW_STATE_DIR;
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-security-audit-slack-open-"));
process.env.OPENCLAW_STATE_DIR = tmp;
await fs.mkdir(path.join(tmp, "credentials"), { recursive: true, mode: 0o700 });
try {
const cfg: MoltbotConfig = {
const cfg: OpenClawConfig = {
commands: { useAccessGroups: false },
channels: {
slack: {
@@ -599,18 +599,18 @@ describe("security audit", () => {
]),
);
} finally {
if (prevStateDir == null) delete process.env.CLAWDBOT_STATE_DIR;
else process.env.CLAWDBOT_STATE_DIR = prevStateDir;
if (prevStateDir == null) delete process.env.OPENCLAW_STATE_DIR;
else process.env.OPENCLAW_STATE_DIR = prevStateDir;
}
});
it("flags Telegram group commands without a sender allowlist", async () => {
const prevStateDir = process.env.CLAWDBOT_STATE_DIR;
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "moltbot-security-audit-telegram-"));
process.env.CLAWDBOT_STATE_DIR = tmp;
const prevStateDir = process.env.OPENCLAW_STATE_DIR;
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-security-audit-telegram-"));
process.env.OPENCLAW_STATE_DIR = tmp;
await fs.mkdir(path.join(tmp, "credentials"), { recursive: true, mode: 0o700 });
try {
const cfg: MoltbotConfig = {
const cfg: OpenClawConfig = {
channels: {
telegram: {
enabled: true,
@@ -637,13 +637,13 @@ describe("security audit", () => {
]),
);
} finally {
if (prevStateDir == null) delete process.env.CLAWDBOT_STATE_DIR;
else process.env.CLAWDBOT_STATE_DIR = prevStateDir;
if (prevStateDir == null) delete process.env.OPENCLAW_STATE_DIR;
else process.env.OPENCLAW_STATE_DIR = prevStateDir;
}
});
it("adds a warning when deep probe fails", async () => {
const cfg: MoltbotConfig = { gateway: { mode: "local" } };
const cfg: OpenClawConfig = { gateway: { mode: "local" } };
const res = await runSecurityAudit({
config: cfg,
@@ -672,7 +672,7 @@ describe("security audit", () => {
});
it("adds a warning when deep probe throws", async () => {
const cfg: MoltbotConfig = { gateway: { mode: "local" } };
const cfg: OpenClawConfig = { gateway: { mode: "local" } };
const res = await runSecurityAudit({
config: cfg,
@@ -695,7 +695,7 @@ describe("security audit", () => {
});
it("warns on legacy model configuration", async () => {
const cfg: MoltbotConfig = {
const cfg: OpenClawConfig = {
agents: { defaults: { model: { primary: "openai/gpt-3.5-turbo" } } },
};
@@ -713,7 +713,7 @@ describe("security audit", () => {
});
it("warns on weak model tiers", async () => {
const cfg: MoltbotConfig = {
const cfg: OpenClawConfig = {
agents: { defaults: { model: { primary: "anthropic/claude-haiku-4-5" } } },
};
@@ -732,7 +732,7 @@ describe("security audit", () => {
it("does not warn on Venice-style opus-45 model names", async () => {
// Venice uses "claude-opus-45" format (no dash between 4 and 5)
const cfg: ClawdbotConfig = {
const cfg: OpenClawConfig = {
agents: { defaults: { model: { primary: "venice/claude-opus-45" } } },
};
@@ -748,7 +748,7 @@ describe("security audit", () => {
});
it("warns when hooks token looks short", async () => {
const cfg: MoltbotConfig = {
const cfg: OpenClawConfig = {
hooks: { enabled: true, token: "short" },
};
@@ -766,9 +766,9 @@ describe("security audit", () => {
});
it("warns when hooks token reuses the gateway env token", async () => {
const prevToken = process.env.CLAWDBOT_GATEWAY_TOKEN;
process.env.CLAWDBOT_GATEWAY_TOKEN = "shared-gateway-token-1234567890";
const cfg: MoltbotConfig = {
const prevToken = process.env.OPENCLAW_GATEWAY_TOKEN;
process.env.OPENCLAW_GATEWAY_TOKEN = "shared-gateway-token-1234567890";
const cfg: OpenClawConfig = {
hooks: { enabled: true, token: "shared-gateway-token-1234567890" },
};
@@ -785,20 +785,20 @@ describe("security audit", () => {
]),
);
} finally {
if (prevToken === undefined) delete process.env.CLAWDBOT_GATEWAY_TOKEN;
else process.env.CLAWDBOT_GATEWAY_TOKEN = prevToken;
if (prevToken === undefined) delete process.env.OPENCLAW_GATEWAY_TOKEN;
else process.env.OPENCLAW_GATEWAY_TOKEN = prevToken;
}
});
it("warns when state/config look like a synced folder", async () => {
const cfg: MoltbotConfig = {};
const cfg: OpenClawConfig = {};
const res = await runSecurityAudit({
config: cfg,
includeFilesystem: false,
includeChannelSecurity: false,
stateDir: "/Users/test/Dropbox/.clawdbot",
configPath: "/Users/test/Dropbox/.clawdbot/moltbot.json",
stateDir: "/Users/test/Dropbox/.openclaw",
configPath: "/Users/test/Dropbox/.openclaw/openclaw.json",
});
expect(res.findings).toEqual(
@@ -809,7 +809,7 @@ describe("security audit", () => {
});
it("flags group/world-readable config include files", async () => {
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "moltbot-security-audit-"));
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-security-audit-"));
const stateDir = path.join(tmp, "state");
await fs.mkdir(stateDir, { recursive: true, mode: 0o700 });
@@ -823,12 +823,12 @@ describe("security audit", () => {
await fs.chmod(includePath, 0o644);
}
const configPath = path.join(stateDir, "moltbot.json");
const configPath = path.join(stateDir, "openclaw.json");
await fs.writeFile(configPath, `{ "$include": "./extra.json5" }\n`, "utf-8");
await fs.chmod(configPath, 0o600);
try {
const cfg: MoltbotConfig = { logging: { redactSensitive: "off" } };
const cfg: OpenClawConfig = { logging: { redactSensitive: "off" } };
const user = "DESKTOP-TEST\\Tester";
const execIcacls = isWindows
? async (_cmd: string, args: string[]) => {
@@ -882,7 +882,7 @@ describe("security audit", () => {
delete process.env.TELEGRAM_BOT_TOKEN;
delete process.env.SLACK_BOT_TOKEN;
delete process.env.SLACK_APP_TOKEN;
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "moltbot-security-audit-"));
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-security-audit-"));
const stateDir = path.join(tmp, "state");
await fs.mkdir(path.join(stateDir, "extensions", "some-plugin"), {
recursive: true,
@@ -890,13 +890,13 @@ describe("security audit", () => {
});
try {
const cfg: MoltbotConfig = {};
const cfg: OpenClawConfig = {};
const res = await runSecurityAudit({
config: cfg,
includeFilesystem: true,
includeChannelSecurity: false,
stateDir,
configPath: path.join(stateDir, "moltbot.json"),
configPath: path.join(stateDir, "openclaw.json"),
});
expect(res.findings).toEqual(
@@ -919,7 +919,7 @@ describe("security audit", () => {
it("flags unallowlisted extensions as critical when native skill commands are exposed", async () => {
const prevDiscordToken = process.env.DISCORD_BOT_TOKEN;
delete process.env.DISCORD_BOT_TOKEN;
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "moltbot-security-audit-"));
const tmp = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-security-audit-"));
const stateDir = path.join(tmp, "state");
await fs.mkdir(path.join(stateDir, "extensions", "some-plugin"), {
recursive: true,
@@ -927,7 +927,7 @@ describe("security audit", () => {
});
try {
const cfg: MoltbotConfig = {
const cfg: OpenClawConfig = {
channels: {
discord: { enabled: true, token: "t" },
},
@@ -937,7 +937,7 @@ describe("security audit", () => {
includeFilesystem: true,
includeChannelSecurity: false,
stateDir,
configPath: path.join(stateDir, "moltbot.json"),
configPath: path.join(stateDir, "openclaw.json"),
});
expect(res.findings).toEqual(
@@ -955,7 +955,7 @@ describe("security audit", () => {
});
it("flags open groupPolicy when tools.elevated is enabled", async () => {
const cfg: MoltbotConfig = {
const cfg: OpenClawConfig = {
tools: { elevated: { enabled: true, allowFrom: { whatsapp: ["+1"] } } },
channels: { whatsapp: { groupPolicy: "open" } },
};
@@ -977,30 +977,30 @@ describe("security audit", () => {
});
describe("maybeProbeGateway auth selection", () => {
const originalEnvToken = process.env.CLAWDBOT_GATEWAY_TOKEN;
const originalEnvPassword = process.env.CLAWDBOT_GATEWAY_PASSWORD;
const originalEnvToken = process.env.OPENCLAW_GATEWAY_TOKEN;
const originalEnvPassword = process.env.OPENCLAW_GATEWAY_PASSWORD;
beforeEach(() => {
delete process.env.CLAWDBOT_GATEWAY_TOKEN;
delete process.env.CLAWDBOT_GATEWAY_PASSWORD;
delete process.env.OPENCLAW_GATEWAY_TOKEN;
delete process.env.OPENCLAW_GATEWAY_PASSWORD;
});
afterEach(() => {
if (originalEnvToken == null) {
delete process.env.CLAWDBOT_GATEWAY_TOKEN;
delete process.env.OPENCLAW_GATEWAY_TOKEN;
} else {
process.env.CLAWDBOT_GATEWAY_TOKEN = originalEnvToken;
process.env.OPENCLAW_GATEWAY_TOKEN = originalEnvToken;
}
if (originalEnvPassword == null) {
delete process.env.CLAWDBOT_GATEWAY_PASSWORD;
delete process.env.OPENCLAW_GATEWAY_PASSWORD;
} else {
process.env.CLAWDBOT_GATEWAY_PASSWORD = originalEnvPassword;
process.env.OPENCLAW_GATEWAY_PASSWORD = originalEnvPassword;
}
});
it("uses local auth when gateway.mode is local", async () => {
let capturedAuth: { token?: string; password?: string } | undefined;
const cfg: MoltbotConfig = {
const cfg: OpenClawConfig = {
gateway: {
mode: "local",
auth: { token: "local-token-abc123" },
@@ -1033,9 +1033,9 @@ describe("security audit", () => {
});
it("prefers env token over local config token", async () => {
process.env.CLAWDBOT_GATEWAY_TOKEN = "env-token";
process.env.OPENCLAW_GATEWAY_TOKEN = "env-token";
let capturedAuth: { token?: string; password?: string } | undefined;
const cfg: MoltbotConfig = {
const cfg: OpenClawConfig = {
gateway: {
mode: "local",
auth: { token: "local-token" },
@@ -1069,7 +1069,7 @@ describe("security audit", () => {
it("uses local auth when gateway.mode is undefined (default)", async () => {
let capturedAuth: { token?: string; password?: string } | undefined;
const cfg: MoltbotConfig = {
const cfg: OpenClawConfig = {
gateway: {
auth: { token: "default-local-token" },
},
@@ -1102,7 +1102,7 @@ describe("security audit", () => {
it("uses remote auth when gateway.mode is remote with URL", async () => {
let capturedAuth: { token?: string; password?: string } | undefined;
const cfg: MoltbotConfig = {
const cfg: OpenClawConfig = {
gateway: {
mode: "remote",
auth: { token: "local-token-should-not-use" },
@@ -1139,9 +1139,9 @@ describe("security audit", () => {
});
it("ignores env token when gateway.mode is remote", async () => {
process.env.CLAWDBOT_GATEWAY_TOKEN = "env-token";
process.env.OPENCLAW_GATEWAY_TOKEN = "env-token";
let capturedAuth: { token?: string; password?: string } | undefined;
const cfg: MoltbotConfig = {
const cfg: OpenClawConfig = {
gateway: {
mode: "remote",
auth: { token: "local-token-should-not-use" },
@@ -1179,7 +1179,7 @@ describe("security audit", () => {
it("uses remote password when env is unset", async () => {
let capturedAuth: { token?: string; password?: string } | undefined;
const cfg: MoltbotConfig = {
const cfg: OpenClawConfig = {
gateway: {
mode: "remote",
remote: {
@@ -1215,9 +1215,9 @@ describe("security audit", () => {
});
it("prefers env password over remote password", async () => {
process.env.CLAWDBOT_GATEWAY_PASSWORD = "env-pass";
process.env.OPENCLAW_GATEWAY_PASSWORD = "env-pass";
let capturedAuth: { token?: string; password?: string } | undefined;
const cfg: MoltbotConfig = {
const cfg: OpenClawConfig = {
gateway: {
mode: "remote",
remote: {
@@ -1254,7 +1254,7 @@ describe("security audit", () => {
it("falls back to local auth when gateway.mode is remote but URL is missing", async () => {
let capturedAuth: { token?: string; password?: string } | undefined;
const cfg: MoltbotConfig = {
const cfg: OpenClawConfig = {
gateway: {
mode: "remote",
auth: { token: "fallback-local-token" },