mirror of
https://github.com/OpenRouterTeam/spawn.git
synced 2026-05-06 08:10:48 +00:00
e8dc7b4752
8 scripts were embedding OPENROUTER_API_KEY directly into shell command
strings passed to run_server/run_in_codespace, allowing command injection
if the API key contains shell metacharacters (single quotes, semicolons,
backticks, etc.).
The worst case was latitude/continue.sh which had zero quoting:
export OPENROUTER_API_KEY=${OPENROUTER_API_KEY}
allowing arbitrary command execution on the remote server with a
crafted API key value.
Fixed by replacing unsafe inline patterns with the existing secure
helpers (inject_env_vars_ssh, inject_env_vars_local, inject_env_vars)
which use generate_env_config to properly single-quote values with
embedded quote escaping.
Affected scripts:
- scaleway/continue.sh (single-quote breakout)
- upcloud/continue.sh (double-quote breakout)
- e2b/continue.sh (single-quote breakout)
- modal/continue.sh (single-quote breakout)
- daytona/continue.sh (single-quote breakout)
- latitude/continue.sh (no quoting at all - critical)
- github-codespaces/continue.sh (single-quote breakout)
- kamatera/nanoclaw.sh (single-quote breakout in .env write)
Agent: security-auditor
Co-authored-by: A <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
|
||
|---|---|---|
| .. | ||
| lib | ||
| aider.sh | ||
| amazonq.sh | ||
| claude.sh | ||
| cline.sh | ||
| codex.sh | ||
| continue.sh | ||
| gemini.sh | ||
| goose.sh | ||
| gptme.sh | ||
| interpreter.sh | ||
| kilocode.sh | ||
| nanoclaw.sh | ||
| openclaw.sh | ||
| opencode.sh | ||
| plandex.sh | ||
| README.md | ||
Modal
Modal sandboxed containers via Python SDK. Modal
No SSH — uses Modal Python SDK for exec. Sub-second cold starts. Requires pip install modal.
Agents
Claude Code
bash <(curl -fsSL https://openrouter.ai/lab/spawn/modal/claude.sh)
OpenClaw
bash <(curl -fsSL https://openrouter.ai/lab/spawn/modal/openclaw.sh)
NanoClaw
bash <(curl -fsSL https://openrouter.ai/lab/spawn/modal/nanoclaw.sh)
Aider
bash <(curl -fsSL https://openrouter.ai/lab/spawn/modal/aider.sh)
Goose
bash <(curl -fsSL https://openrouter.ai/lab/spawn/modal/goose.sh)
Codex CLI
bash <(curl -fsSL https://openrouter.ai/lab/spawn/modal/codex.sh)
Open Interpreter
bash <(curl -fsSL https://openrouter.ai/lab/spawn/modal/interpreter.sh)
Gemini CLI
bash <(curl -fsSL https://openrouter.ai/lab/spawn/modal/gemini.sh)
Amazon Q CLI
bash <(curl -fsSL https://openrouter.ai/lab/spawn/modal/amazonq.sh)
Cline
bash <(curl -fsSL https://openrouter.ai/lab/spawn/modal/cline.sh)
gptme
bash <(curl -fsSL https://openrouter.ai/lab/spawn/modal/gptme.sh)
OpenCode
bash <(curl -fsSL https://openrouter.ai/lab/spawn/modal/opencode.sh)
Plandex
bash <(curl -fsSL https://openrouter.ai/lab/spawn/modal/plandex.sh)
Non-Interactive Mode
MODAL_SANDBOX_NAME=dev-mk1 \
OPENROUTER_API_KEY=sk-or-v1-xxxxx \
bash <(curl -fsSL https://openrouter.ai/lab/spawn/modal/claude.sh)