vrr/spawn
2
0
Fork 0
mirror of https://github.com/OpenRouterTeam/spawn.git synced 2026-06-01 06:09:53 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
spawn/sprite
History
Sprite d689f6f06c security: Add MODEL_ID input validation to prevent injection 
Added validate_model_id() function to all common.sh files to prevent
command injection via user-supplied MODEL_ID values. MODEL_ID is used
in JSON configs, shell commands, and exported to remote systems, so
validation is critical.

Validation enforces that MODEL_ID contains only safe characters:
- Letters (a-z, A-Z)
- Numbers (0-9)
- Separators: / - _ : .

Rejects dangerous characters like backticks, $(), quotes, semicolons
that could be used for command injection.

Changes:
- Added validate_model_id() to all lib/common.sh files
- Added validation calls after MODEL_ID input in all agent scripts
- Tests pass for all sprite scripts

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-07 19:52:07 +00:00
..
.claude/rules Sprite setup scripts for Claude Code and OpenClaw 2026-02-05 13:25:30 -06:00
lib security: Add MODEL_ID input validation to prevent injection 2026-02-07 19:52:07 +00:00
aider.sh security: Add MODEL_ID input validation to prevent injection 2026-02-07 19:52:07 +00:00
claude.sh Fix source detection for process substitution (bash <(curl ...)) 2026-02-07 05:03:02 +00:00
codex.sh Add Codex CLI (OpenAI) as sixth agent across all clouds (#11) 2026-02-07 09:21:23 -08:00
goose.sh Add Goose agent (Block) across all clouds (#9) 2026-02-07 08:58:51 -08:00
interpreter.sh Add Open Interpreter as seventh agent across all clouds (#13) 2026-02-07 09:30:27 -08:00
nanoclaw.sh Add NanoClaw spawn script (#2) 2026-02-06 21:23:18 -08:00
openclaw.sh security: Add MODEL_ID input validation to prevent injection 2026-02-07 19:52:07 +00:00