registry  /  @huo15/clawbutler-oauth  /  1.4.0

@huo15/clawbutler-oauth@1.4.0

龙虾管家企业版鉴权插件 — 手机号注册/登录 + JWT + per-user 会话隔离 + 智能体分配 + 管理后台

AI Security Review

scanned 2h ago · by lpm-firewall-ai

A JWT holder can request `/plugins/huihuo/auth/gateway-token`, which reads and returns the gateway token from runtime configuration. The default JWT signing secret is publicly embedded, enabling token forgery unless operators override it.

Static reason
No blocking static signals were detected.
Trigger
Send a forged or otherwise valid Bearer JWT to the plugin's gateway-token route at runtime.
Impact
Exposes a configured gateway credential to an unauthorised requester.
Mechanism
JWT-authenticated disclosure of the runtime gateway bearer token.
Rationale
Source inspection found a critical credential-disclosure path and insecure default JWT secret. The package has no install-time hooks or covert execution, so this warrants a warning rather than a malware block.
Evidence
dist/config.jsdist/auth/jwt.jsdist/auth/routes.jsdist/auth/sms.jsdist/admin/store.jsdist/guard/agent.jspackage.jsondist/index.jsopenclaw.plugin.json
Network endpoints1
dysmsapi.aliyuncs.com

Decision evidence

public snapshot
AI called this Suspicious at 97.0% confidence as Critical Vulnerability with low false-positive risk.
Evidence for warning
  • `dist/config.js` falls back to a public hard-coded JWT secret.
  • `dist/auth/routes.js` returns the configured gateway bearer token to any valid JWT holder.
  • `dist/auth/sms.js` exposes verification codes in dev/fallback responses when SMS is unavailable.
  • `dist/admin/store.js` persists user and agent-binding data under `~/.openclaw/clawbutler-oauth`.
  • `dist/guard/agent.js` can mutate the host OpenClaw agent config when called.
Evidence against
  • `package.json` has no preinstall/install/postinstall hook; only `prepublishOnly` builds.
  • No child-process, shell, eval, dynamic loading, or native binary execution appears in `dist`.
  • The only outbound service call is package-aligned Aliyun SMS delivery.
  • The extension registration in `dist/index.js` is runtime plugin setup, not install-time execution.
  • No source evidence of covert external exfiltration or destructive behavior.
Behavioral surface
Source
CryptoEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 11 file(s), 34.7 KB of source, external domains: dysmsapi.aliyuncs.com

Source & flagged code

5 flagged · loading source
dist/config.jsView file
Published source reference
Medium
Ai Review Evidence

`dist/config.js` falls back to a public hard-coded JWT secret.

dist/config.jsView on unpkg
dist/auth/routes.jsView file
Published source reference
Medium
Ai Review Evidence

`dist/auth/routes.js` returns the configured gateway bearer token to any valid JWT holder.

dist/auth/routes.jsView on unpkg
dist/auth/sms.jsView file
Published source reference
Medium
Ai Review Evidence

`dist/auth/sms.js` exposes verification codes in dev/fallback responses when SMS is unavailable.

dist/auth/sms.jsView on unpkg
dist/admin/store.jsView file
Published source reference
Medium
Ai Review Evidence

`dist/admin/store.js` persists user and agent-binding data under `~/.openclaw/clawbutler-oauth`.

dist/admin/store.jsView on unpkg
dist/guard/agent.jsView file
Published source reference
Medium
Ai Review Evidence

`dist/guard/agent.js` can mutate the host OpenClaw agent config when called.

dist/guard/agent.jsView on unpkg

Findings

7 Medium5 Low
MediumNetwork
MediumEnvironment Vars
MediumAi Review Evidencedist/config.js
MediumAi Review Evidencedist/auth/routes.js
MediumAi Review Evidencedist/auth/sms.js
MediumAi Review Evidencedist/admin/store.js
MediumAi Review Evidencedist/guard/agent.js
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings