ConfigServer starts a NanoHTTPD server on port 9527 using NanoHTTPD(port) — no hostname specified — which causes it to bind to all network interfaces (0.0.0.0).
Any device on the same WiFi network can reach the following endpoints without authentication:
- GET /api/channels — returns all stored bot tokens (DingTalk, FeiShu, QQ, Discord, Telegram, WeChat)
- GET /api/llm — returns all LLM API keys and base URLs
- POST /api/channels and POST /api/llm — overwrites stored credentials
- CORS is also set to Access-Control-Allow-Origin: *, so a malicious website opened in a browser on the same network can read these responses through a cross-origin fetch and exfiltrate the credentials.
Affected File
app/src/main/java/io/agents/pokeclaw/server/ConfigServer.kt — line 25
Suggested Fixes
Option 1 — Bind to localhost (breaks LAN config page intent):
} : NanoHTTPD("127.0.0.1", port)
Option 2 — Add a shared secret / token-based auth on all /api/* endpoints (preserves LAN access).
Option 3 — Restrict CORS to a known origin instead of *.
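Added example (not the project's own code) of how Options 2 and 3 could be combined in a NanoHTTPD subclass: every /api/* request must carry a startup-generated bearer token, and CORS echoes a single configured origin instead of *. Assumed: the token is displayed to the user in the app UI, and handleApi is a hypothetical stand-in for the existing /api/channels and /api/llm handlers.

```kotlin
import fi.iki.elonen.NanoHTTPD
import java.security.MessageDigest
import java.security.SecureRandom
import java.util.Base64

// Still binds to all interfaces (Option 2 keeps LAN access), but guards /api/*.
class HardenedConfigServer(port: Int, private val allowedOrigin: String) : NanoHTTPD(port) {

    // 256-bit random shared secret, generated per process start and shown in the UI.
    // It is never returned by any endpoint.
    val apiToken: String = ByteArray(32).also { SecureRandom().nextBytes(it) }
        .let { Base64.getUrlEncoder().withoutPadding().encodeToString(it) }

    override fun serve(session: IHTTPSession): Response {
        // Browser pre-flight requests carry no credentials; answer with the CORS policy only.
        if (session.method == Method.OPTIONS) {
            return withCors(newFixedLengthResponse(Response.Status.NO_CONTENT, MIME_PLAINTEXT, ""))
        }
        // Option 2: reject any /api/* request that lacks a valid token.
        if (session.uri.startsWith("/api/") && !isAuthorized(session)) {
            return withCors(
                newFixedLengthResponse(Response.Status.UNAUTHORIZED, MIME_PLAINTEXT, "missing or invalid token")
            )
        }
        return withCors(handleApi(session))
    }

    // Expects "Authorization: Bearer <token>"; NanoHTTPD lower-cases header names.
    private fun isAuthorized(session: IHTTPSession): Boolean {
        val header = session.headers["authorization"] ?: return false
        if (!header.startsWith("Bearer ")) return false
        val presented = header.removePrefix("Bearer ").trim()
        // Constant-time comparison so the token cannot be recovered byte by byte via timing.
        return MessageDigest.isEqual(presented.toByteArray(), apiToken.toByteArray())
    }

    // Option 3: allow exactly one known origin, never "*".
    private fun withCors(r: Response): Response = r.apply {
        addHeader("Access-Control-Allow-Origin", allowedOrigin)
        addHeader("Access-Control-Allow-Headers", "Authorization, Content-Type")
        addHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS")
        addHeader("Vary", "Origin")
    }

    // Hypothetical placeholder for the existing /api/channels and /api/llm handlers.
    private fun handleApi(session: IHTTPSession): Response =
        newFixedLengthResponse(Response.Status.NOT_FOUND, MIME_PLAINTEXT, "no such endpoint")
}
```

Because the token is only ever shown inside the app, a page served from another origin cannot obtain it, so even a permissive CORS misconfiguration would no longer expose the stored credentials.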