vrr/spawn
2
0
Fork 0
mirror of https://github.com/OpenRouterTeam/spawn.git synced 2026-05-10 12:20:07 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 10
spawn/sprite
History
A 654352bed0
security: fix predictable temp file path in sprite upload_file_sprite (#1330) 
Replace PID-based temp path with cryptographically random generation
to prevent symlink attacks on remote servers.

Severity: MEDIUM
Finding: sprite/lib/common.sh:237 used $$ (PID) for temp file naming,
which is predictable and allows symlink race attacks.

Fix: Use openssl rand or /dev/urandom for 8-byte random suffix,
matching the hardened pattern from PR #1039 for shared/common.sh.

Related: #763 (security batch tracking issue)

Agent: security-auditor

Co-authored-by: spawn-bot <bot@openrouter.ai>
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-16 20:22:22 -05:00
..
.claude/rules Sprite setup scripts for Claude Code and OpenClaw 2026-02-05 13:25:30 -06:00
lib security: fix predictable temp file path in sprite upload_file_sprite (#1330) 2026-02-16 20:22:22 -05:00
aider.sh refactor: introduce cloud adapter + spawn_agent runner system (#1340) 2026-02-16 16:25:44 -08:00
amazonq.sh refactor: introduce cloud adapter + spawn_agent runner system (#1340) 2026-02-16 16:25:44 -08:00
claude.sh feat: add server lifecycle management (reconnect + delete) (#1363) 2026-02-16 17:06:49 -08:00
cline.sh refactor: introduce cloud adapter + spawn_agent runner system (#1340) 2026-02-16 16:25:44 -08:00
codex.sh refactor: introduce cloud adapter + spawn_agent runner system (#1340) 2026-02-16 16:25:44 -08:00
continue.sh refactor: introduce cloud adapter + spawn_agent runner system (#1340) 2026-02-16 16:25:44 -08:00
gemini.sh refactor: introduce cloud adapter + spawn_agent runner system (#1340) 2026-02-16 16:25:44 -08:00
goose.sh refactor: introduce cloud adapter + spawn_agent runner system (#1340) 2026-02-16 16:25:44 -08:00
gptme.sh refactor: introduce cloud adapter + spawn_agent runner system (#1340) 2026-02-16 16:25:44 -08:00
interpreter.sh refactor: introduce cloud adapter + spawn_agent runner system (#1340) 2026-02-16 16:25:44 -08:00
kilocode.sh refactor: introduce cloud adapter + spawn_agent runner system (#1340) 2026-02-16 16:25:44 -08:00
nanoclaw.sh refactor: introduce cloud adapter + spawn_agent runner system (#1340) 2026-02-16 16:25:44 -08:00
openclaw.sh refactor: introduce cloud adapter + spawn_agent runner system (#1340) 2026-02-16 16:25:44 -08:00
opencode.sh refactor: introduce cloud adapter + spawn_agent runner system (#1340) 2026-02-16 16:25:44 -08:00
plandex.sh refactor: introduce cloud adapter + spawn_agent runner system (#1340) 2026-02-16 16:25:44 -08:00
README.md refactor: replace Python with jq in Hetzner lib, fix /lab → /labs URLs (#827) 2026-02-12 23:14:11 -08:00

README.md

Sprite

Sprites.dev managed VMs with CLI. Sprite

Agents

Claude Code

bash <(curl -fsSL https://openrouter.ai/labs/spawn/sprite/claude.sh)

OpenClaw

bash <(curl -fsSL https://openrouter.ai/labs/spawn/sprite/openclaw.sh)

NanoClaw

bash <(curl -fsSL https://openrouter.ai/labs/spawn/sprite/nanoclaw.sh)

Aider

bash <(curl -fsSL https://openrouter.ai/labs/spawn/sprite/aider.sh)

Goose

bash <(curl -fsSL https://openrouter.ai/labs/spawn/sprite/goose.sh)

Codex CLI

bash <(curl -fsSL https://openrouter.ai/labs/spawn/sprite/codex.sh)

Open Interpreter

bash <(curl -fsSL https://openrouter.ai/labs/spawn/sprite/interpreter.sh)

Gemini CLI

bash <(curl -fsSL https://openrouter.ai/labs/spawn/sprite/gemini.sh)

Amazon Q CLI

bash <(curl -fsSL https://openrouter.ai/labs/spawn/sprite/amazonq.sh)

Cline

bash <(curl -fsSL https://openrouter.ai/labs/spawn/sprite/cline.sh)

gptme

bash <(curl -fsSL https://openrouter.ai/labs/spawn/sprite/gptme.sh)

OpenCode

bash <(curl -fsSL https://openrouter.ai/labs/spawn/sprite/opencode.sh)

Plandex

bash <(curl -fsSL https://openrouter.ai/labs/spawn/sprite/plandex.sh)

Kilo Code

bash <(curl -fsSL https://openrouter.ai/labs/spawn/sprite/kilocode.sh)

Continue

bash <(curl -fsSL https://openrouter.ai/labs/spawn/sprite/continue.sh)

Non-Interactive Mode

SPRITE_NAME=dev-mk1 \
OPENROUTER_API_KEY=sk-or-v1-xxxxx \
  bash <(curl -fsSL https://openrouter.ai/labs/spawn/sprite/claude.sh)