High Risk — Risk Score 65/100
Last scan: 2 days ago
qclaw-watchdog
QClaw Watchdog - Monitors and auto-restarts QClaw when issues are detected
Hardcoded Feishu API credentials exposed in config.json combined with undocumented shell execution for process and application control operations.
Skill Name: qclaw-watchdog
Duration: 28.5s
Engine: pi
Do not install this skill
Remove hardcoded credentials from config.json immediately. Use environment variables for all sensitive configuration. Document shell execution capabilities in SKILL.md. Add update.sh and publish.sh files referenced in documentation.

Findings (5 items)

Severity: Critical — Hardcoded Feishu API Credentials in config.json (config.json:3)
config.json contains hardcoded app_id (cli_a9333bca0c78dceb) and app_secret (jfQq6dWQe4wYsJiChkXVTh6IK8awBf0L) which are exposed credentials that could be used to send messages via the Feishu bot API.
Evidence: "app_secret": "jfQq6dWQe4wYsJiChkXVTh6IK8awBf0L"
→ Remove credentials from config.json. Use environment variables (FEISHU_APP_ID, FEISHU_APP_SECRET) instead. Add config.json to .gitignore.

Severity: High — Undocumented Shell Command Execution (watchdog.js:81)
SKILL.md does not declare the use of shell execution via child_process.exec. The code executes pgrep, open, osascript, and pkill commands to manage the QClaw application.
Evidence: const { stdout } = await execPromise('pgrep -f QClaw')
→ Document shell:WRITE capability in SKILL.md or use Node.js APIs like process.kill() instead of exec.

Severity: High — Application Control via osascript (watchdog.js:228)
Uses osascript to send AppleScript commands to quit applications, which could be extended to control any application on macOS.
Evidence: execPromise('osascript -e \'tell application "QClaw" to quit\'')
→ Document the scope of application control. Consider restricting to known applications only.

Severity: Medium — Missing Referenced Scripts (SKILL.md:90)
SKILL.md references update.sh and publish.sh scripts that do not exist in the repository.
Evidence: ./update.sh --check
→ Implement or remove references to update.sh and publish.sh scripts.

Severity: Low — Extended Check Interval (config.json:15)
config.json sets check_interval_ms to 18000000 (5 hours), which may not match the documented default of 180000 (3 minutes).
Evidence: "check_interval_ms": 18000000
→ Align with documented defaults or update documentation.
Resource     Declared  Inferred  Status       Evidence
Filesystem   READ      WRITE     ✗ Violation  watchdog.js:67 fs.appendFileSync(LOG_FILE)
Shell        NONE      WRITE     ✗ Violation  watchdog.js:81 execPromise('pgrep -f QClaw'), watchdog.js:228 execPromise('open …
Network      NONE      READ      ✓ Aligned    watchdog.js:115 fetch(QCLAW_HEALTH_URL), Feishu WebSocket/SDK calls
Environment  NONE      READ      ✓ Aligned    watchdog.js:25-34 process.env reads for config
External URLs (3 findings)

Medium  External URL  http://127.0.0.1:28789/health  (SKILL.md:46)
Medium  External URL  https://open.feishu.cn/  (SKILL.md:205)
Medium  External URL  https://open.feishu.cn/api-explorer/cli_a9333bca0c78dceb?apiName=create&project=im&resource=message&version=v1  (SKILL.md:226)

File Tree

6 files · 25.4 KB · 855 lines
JavaScript: 1 file · 522 lines; Markdown: 1 file · 239 lines; Shell: 2 files · 74 lines; JSON: 1 file · 19 lines; Text: 1 file · 1 line
├─ 🔑 config.json JSON 19L · 430 B
├─ 🔧 init-config.sh Shell 44L · 1.2 KB
├─ 📝 SKILL.md Markdown 239L · 5.6 KB
├─ 🔧 start.sh Shell 30L · 788 B
├─ 📄 version.txt Text 1L · 6 B
└─ 📜 watchdog.js JavaScript 522L · 17.4 KB

Dependencies (1 item)

Package                  Version   Source  Known Vulns  Notes
@larksuiteoapi/node-sdk  unpinned  npm     No           SDK version not specified in package.json (no package.json found)

Security Positives

✓ Uses Lark SDK (@larksuiteoapi/node-sdk) instead of raw HTTP requests for Feishu integration
✓ No base64-encoded payloads or obfuscated code
✓ No suspicious network connections to unknown external IPs
✓ No credential exfiltration mechanisms observed
✓ Logging to separate files for audit trail