vrr/spawn
2
0
Fork 0
mirror of https://github.com/OpenRouterTeam/spawn.git synced 2026-05-08 10:09:30 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 7
spawn/shared
History
A f586e19790
fix(security): replace unquoted heredocs with printf to prevent shell expansion in API keys (#1031) 
Unquoted `<< EOF` heredocs in nanoclaw .env file creation cause shell
expansion of the API key value. If an API key contains `$`, backticks,
or `\`, the value is silently corrupted or could trigger command
execution. Replace with `printf '%s'` which safely writes the value
without interpretation.

Also fix unquoted variable expansion in upload_config_file's mv command
and the github-codespaces/openclaw.sh config heredoc.

Fixes 34 scripts across all cloud providers.

Agent: security-auditor

Co-authored-by: A <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-02-13 19:41:10 -05:00
..
common.sh fix(security): replace unquoted heredocs with printf to prevent shell expansion in API keys (#1031) 2026-02-13 19:41:10 -05:00
github-auth.sh refactor: decompose ensure_jq and ensure_gh_cli into focused helpers (#994) 2026-02-13 12:14:56 -08:00
key-request.sh fix: validate provider name in invalidate_cloud_key and improve key validation (#1017) 2026-02-13 14:43:44 -08:00