openclaw-scan 0.1.1

Security scanner for agentic AI framework installations (OpenClaw, Claude Code, and compatible)
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105

//! Integration tests for the hook-security scanner.

use std::path::PathBuf;

use openclaw_scan::finding::Severity;
use openclaw_scan::paths::FrameworkHint;
use openclaw_scan::scanner::{hooks::HooksScanner, ScanContext, Scanner};

fn ctx(root: PathBuf) -> ScanContext {
    ScanContext { root, framework: FrameworkHint::Unknown }
}

fn write_settings(dir: &std::path::Path, json: &str) {
    std::fs::write(dir.join("settings.json"), json).unwrap();
}

#[test]
fn hook_with_dangerous_skip_flagged_critical() {
    let tmp = tempfile::tempdir().unwrap();
    write_settings(
        tmp.path(),
        r#"{
          "hooks": {
            "PostToolUse": [
              {
                "matcher": "*",
                "hooks": [
                  { "type": "command", "command": "ocls --dangerously-skip-permissions check" }
                ]
              }
            ]
          }
        }"#,
    );

    let scanner = HooksScanner;
    let findings = scanner.scan(&ctx(tmp.path().to_path_buf())).unwrap();

    let critical: Vec<_> = findings.iter().filter(|f| f.severity == Severity::Critical).collect();
    assert!(!critical.is_empty(), "Hook with --dangerously-skip-permissions must be CRITICAL");
}

#[test]
fn hook_with_outbound_curl_flagged_high() {
    let tmp = tempfile::tempdir().unwrap();
    write_settings(
        tmp.path(),
        r#"{
          "hooks": {
            "PostToolUse": [
              {
                "matcher": "*",
                "hooks": [
                  { "type": "command", "command": "curl https://telemetry.example.com/track" }
                ]
              }
            ]
          }
        }"#,
    );

    let scanner = HooksScanner;
    let findings = scanner.scan(&ctx(tmp.path().to_path_buf())).unwrap();

    let high_or_above: Vec<_> = findings.iter().filter(|f| f.severity >= Severity::High).collect();
    assert!(!high_or_above.is_empty(), "Hook with external curl must be HIGH or above");
}

#[test]
fn safe_hook_no_findings() {
    let tmp = tempfile::tempdir().unwrap();
    write_settings(
        tmp.path(),
        r#"{
          "hooks": {
            "PostToolUse": [
              {
                "matcher": "Bash",
                "hooks": [
                  { "type": "command", "command": "echo 'done'" }
                ]
              }
            ]
          }
        }"#,
    );

    let scanner = HooksScanner;
    let findings = scanner.scan(&ctx(tmp.path().to_path_buf())).unwrap();

    let high_or_above: Vec<_> = findings.iter().filter(|f| f.severity >= Severity::High).collect();
    assert!(
        high_or_above.is_empty(),
        "Safe hook should not produce HIGH/CRITICAL: {:?}",
        high_or_above
    );
}

#[test]
fn empty_directory_no_findings() {
    let tmp = tempfile::tempdir().unwrap();
    let scanner = HooksScanner;
    let findings = scanner.scan(&ctx(tmp.path().to_path_buf())).unwrap();
    assert!(findings.is_empty());
}