mirror of
https://github.com/openclaw/openclaw.git
synced 2026-06-12 16:32:55 +00:00
0552ec899f
* fix(qqbot): allow RFC2544 benchmark range for token fetch (#88984) QQ Bot `bots.qq.com` token-fetch path was failing for users whose DNS resolver maps the hostname into the RFC 2544 benchmark range `198.18.0.0/15` (commonly seen with fake-IP proxy stacks: sing-box, Clash, Surge, WSL2 DNS). The default SSRF guard treats that range as private and blocks the request, surfacing as "Network error getting access_token: Blocked: resolves to private/internal/special-use IP address". Pass a host-scoped `SsrFPolicy` (`allowRfc2544BenchmarkRange: true`) to the single hard-coded `TOKEN_URL` request, mirroring the existing `QQBOT_MEDIA_SSRF_POLICY` pattern used by the media path. Because `TOKEN_URL` is a const and not user-controlled, the relaxation cannot widen attack surface to other hosts. Adds a regression test asserting `policy: { allowRfc2544BenchmarkRange: true }` is forwarded into `fetchWithSsrFGuard`, and updates the existing equality assertion accordingly. Fixes #88984 * fix(qqbot): scope token ssrf policy
OpenClaw QQ Bot
Official OpenClaw channel plugin for QQ Bot group and direct-message workflows.
Install from OpenClaw:
openclaw plugin add @openclaw/qqbot
Configure QQ Bot credentials in OpenClaw, then connect the bot to the groups or direct-message contexts where agents should operate.