mirror of
https://github.com/OpenRouterTeam/spawn.git
synced 2026-05-19 16:39:50 +00:00
f685374567
Replace base64-into-shell interpolation with SCP-based uploadConfigFile() for Claude Code settings.json and Cursor CLI config files. This eliminates the attack surface of injecting encoded payloads into shell command strings. Add chmod 600 on ~/.openclaw/openclaw.json after writing the Telegram bot token to prevent other users on the VM from reading the token in plaintext. Fixes #3033 Fixes #3034 Agent: security-auditor Co-authored-by: B <6723574+louisgv@users.noreply.github.com> Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
26 lines
663 B
JSON
26 lines
663 B
JSON
{
|
|
"name": "@openrouter/spawn",
|
|
"version": "0.27.1",
|
|
"type": "module",
|
|
"bin": {
|
|
"spawn": "cli.js"
|
|
},
|
|
"scripts": {
|
|
"dev": "bun run src/index.ts",
|
|
"build": "bun build src/index.ts --outfile cli.js --target bun --minify --packages bundle",
|
|
"compile": "bun build src/index.ts --compile --outfile spawn",
|
|
"lint": "biome lint src/",
|
|
"test": "bun test",
|
|
"test:watch": "bun test --watch"
|
|
},
|
|
"dependencies": {
|
|
"@clack/prompts": "1.0.0",
|
|
"@openrouter/spawn-shared": "workspace:*",
|
|
"picocolors": "1.1.1",
|
|
"valibot": "1.2.0"
|
|
},
|
|
"devDependencies": {
|
|
"@biomejs/biome": "2.4.3",
|
|
"@types/bun": "1.3.8"
|
|
}
|
|
}
|