spawn

vrr/spawn

mirror of https://github.com/OpenRouterTeam/spawn.git synced 2026-05-03 14:20:19 +00:00

History

A dcf41c63ea fix: Prevent Python injection in Modal provider via env vars (#127 ) MODAL_SANDBOX_ID and sandbox name were interpolated directly into Python code strings, allowing potential code injection. Now all user-controlled values are passed via environment variables and read with os.environ in Python. Changes: - create_server: pass name/image via _MODAL_NAME/_MODAL_IMAGE env vars, use getattr() for image lookup, add sandbox name validation - run_server: pass sandbox ID and command via env vars - interactive_session: pass sandbox ID and command via env vars - destroy_server: pass sandbox ID via env var - Add validate_sandbox_id() to enforce sb-<alphanumeric> format - upload_file: remove printf '%q' escaping (base64 is safe) Agent: security-auditor Co-authored-by: A <6723574+louisgv@users.noreply.github.com> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>		2026-02-09 20:22:08 -08:00
..
lib	fix: Prevent Python injection in Modal provider via env vars (#127 )	2026-02-09 20:22:08 -08:00
aider.sh	refactor: Extract ENV_TEMP pattern to inject_env_vars_local (Modal)	2026-02-08 04:04:01 +00:00
amazonq.sh	refactor: Extract ENV_TEMP pattern to inject_env_vars_local (Modal)	2026-02-08 04:04:01 +00:00
claude.sh	refactor: Extract ENV_TEMP pattern to inject_env_vars_local (Modal)	2026-02-08 04:04:01 +00:00
cline.sh	refactor: Extract ENV_TEMP pattern to inject_env_vars_local (Modal)	2026-02-08 04:04:01 +00:00
codex.sh	refactor: Extract ENV_TEMP pattern to inject_env_vars_local (Modal)	2026-02-08 04:04:01 +00:00
gemini.sh	refactor: Extract ENV_TEMP pattern to inject_env_vars_local (Modal)	2026-02-08 04:04:01 +00:00
goose.sh	refactor: Extract ENV_TEMP pattern to inject_env_vars_local (Modal)	2026-02-08 04:04:01 +00:00
gptme.sh	refactor: Extract ENV_TEMP pattern to provider-specific inject functions	2026-02-08 04:15:02 +00:00
interpreter.sh	refactor: Extract ENV_TEMP pattern to inject_env_vars_local (Modal)	2026-02-08 04:04:01 +00:00
kilocode.sh	feat: Add kilocode scripts for e2b, modal, fly, civo, scaleway, daytona (#113 )	2026-02-09 19:45:51 -08:00
nanoclaw.sh	refactor: Extract ENV_TEMP pattern to inject_env_vars_local (Modal)	2026-02-08 04:04:01 +00:00
openclaw.sh	refactor: Extract ENV_TEMP pattern to inject_env_vars_local (Modal)	2026-02-08 04:04:01 +00:00
opencode.sh	fix: Use robust OpenCode install method across all clouds (#48 )	2026-02-07 23:02:18 -08:00
plandex.sh	Add Plandex coding agent with 14 cloud implementations (#36 )	2026-02-07 21:35:04 -08:00
README.md	fix: Improve CLI error handling, fix bash compat, and update cloud READMEs (#90 )	2026-02-09 09:33:57 -08:00

README.md

Modal sandboxed containers via Python SDK. Modal

No SSH — uses Modal Python SDK for exec. Sub-second cold starts. Requires pip install modal.

Agents

Claude Code

bash <(curl -fsSL https://openrouter.ai/lab/spawn/modal/claude.sh)

OpenClaw

bash <(curl -fsSL https://openrouter.ai/lab/spawn/modal/openclaw.sh)

NanoClaw

bash <(curl -fsSL https://openrouter.ai/lab/spawn/modal/nanoclaw.sh)

Aider

bash <(curl -fsSL https://openrouter.ai/lab/spawn/modal/aider.sh)

Goose

bash <(curl -fsSL https://openrouter.ai/lab/spawn/modal/goose.sh)

Codex CLI

bash <(curl -fsSL https://openrouter.ai/lab/spawn/modal/codex.sh)

Open Interpreter

bash <(curl -fsSL https://openrouter.ai/lab/spawn/modal/interpreter.sh)

Gemini CLI

bash <(curl -fsSL https://openrouter.ai/lab/spawn/modal/gemini.sh)

Amazon Q CLI

bash <(curl -fsSL https://openrouter.ai/lab/spawn/modal/amazonq.sh)

Cline

bash <(curl -fsSL https://openrouter.ai/lab/spawn/modal/cline.sh)

gptme

bash <(curl -fsSL https://openrouter.ai/lab/spawn/modal/gptme.sh)

OpenCode

bash <(curl -fsSL https://openrouter.ai/lab/spawn/modal/opencode.sh)

Plandex

bash <(curl -fsSL https://openrouter.ai/lab/spawn/modal/plandex.sh)

Non-Interactive Mode

MODAL_SANDBOX_NAME=dev-mk1 \
OPENROUTER_API_KEY=sk-or-v1-xxxxx \
  bash <(curl -fsSL https://openrouter.ai/lab/spawn/modal/claude.sh)