vrr/spawn
2
0
Fork 0
mirror of https://github.com/OpenRouterTeam/spawn.git synced 2026-06-01 06:09:53 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
spawn/linode
History
Sprite 355c330507 security: Fix command injection in openclaw.sh files 
Fixed command injection vulnerability in sprite/openclaw.sh where
OPENCLAW_CONFIG was echoed directly into remote shell command with
user-controlled MODEL_ID variable. Changed to use temp file + secure
upload instead of inline echo.

Also added chmod 600 to all OPENCLAW_CONFIG_TEMP files across all
cloud providers (linode, vultr, digitalocean, hetzner, sprite) to
prevent race condition where credentials could be exposed in temp
files before being written.

Changes:
- sprite/openclaw.sh: Replaced echo with temp file + sprite exec -file
- All openclaw.sh: Added chmod 600 after mktemp for credentials

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-07 19:48:09 +00:00
..
lib Add Linode (Akamai) as fifth cloud provider with all 6 agents (#12) 2026-02-07 09:26:31 -08:00
aider.sh Add Linode (Akamai) as fifth cloud provider with all 6 agents (#12) 2026-02-07 09:26:31 -08:00
claude.sh Add Linode (Akamai) as fifth cloud provider with all 6 agents (#12) 2026-02-07 09:26:31 -08:00
codex.sh Add Linode (Akamai) as fifth cloud provider with all 6 agents (#12) 2026-02-07 09:26:31 -08:00
goose.sh Add Linode (Akamai) as fifth cloud provider with all 6 agents (#12) 2026-02-07 09:26:31 -08:00
interpreter.sh Add Open Interpreter as seventh agent across all clouds (#13) 2026-02-07 09:30:27 -08:00
nanoclaw.sh Add Linode (Akamai) as fifth cloud provider with all 6 agents (#12) 2026-02-07 09:26:31 -08:00
openclaw.sh security: Fix command injection in openclaw.sh files 2026-02-07 19:48:09 +00:00