vrr/spawn
2
0
Fork 0
mirror of https://github.com/OpenRouterTeam/spawn.git synced 2026-06-01 22:59:54 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
spawn/digitalocean
History
Sprite 355c330507 security: Fix command injection in openclaw.sh files 
Fixed command injection vulnerability in sprite/openclaw.sh where
OPENCLAW_CONFIG was echoed directly into remote shell command with
user-controlled MODEL_ID variable. Changed to use temp file + secure
upload instead of inline echo.

Also added chmod 600 to all OPENCLAW_CONFIG_TEMP files across all
cloud providers (linode, vultr, digitalocean, hetzner, sprite) to
prevent race condition where credentials could be exposed in temp
files before being written.

Changes:
- sprite/openclaw.sh: Replaced echo with temp file + sprite exec -file
- All openclaw.sh: Added chmod 600 after mktemp for credentials

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-07 19:48:09 +00:00
..
lib Add DigitalOcean as third cloud provider (#7) 2026-02-07 08:53:16 -08:00
aider.sh Add Aider as fourth agent across all clouds (#8) 2026-02-07 08:56:07 -08:00
claude.sh Add DigitalOcean as third cloud provider (#7) 2026-02-07 08:53:16 -08:00
codex.sh Add Codex CLI (OpenAI) as sixth agent across all clouds (#11) 2026-02-07 09:21:23 -08:00
goose.sh Add Goose agent (Block) across all clouds (#9) 2026-02-07 08:58:51 -08:00
interpreter.sh Add Open Interpreter as seventh agent across all clouds (#13) 2026-02-07 09:30:27 -08:00
nanoclaw.sh Add DigitalOcean as third cloud provider (#7) 2026-02-07 08:53:16 -08:00
openclaw.sh security: Fix command injection in openclaw.sh files 2026-02-07 19:48:09 +00:00