spawn

vrr/spawn

mirror of https://github.com/OpenRouterTeam/spawn.git synced 2026-05-20 09:31:15 +00:00

History

A f685374567 fix(security): use uploadConfigFile for config deployment, chmod 600 openclaw config (#3038 ) Replace base64-into-shell interpolation with SCP-based uploadConfigFile() for Claude Code settings.json and Cursor CLI config files. This eliminates the attack surface of injecting encoded payloads into shell command strings. Add chmod 600 on ~/.openclaw/openclaw.json after writing the Telegram bot token to prevent other users on the VM from reading the token in plaintext. Fixes #3033 Fixes #3034 Agent: security-auditor Co-authored-by: B <6723574+louisgv@users.noreply.github.com> Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>	2026-03-27 06:15:03 +07:00
..
cli	fix(security): use uploadConfigFile for config deployment, chmod 600 openclaw config (#3038 )	2026-03-27 06:15:03 +07:00
shared	fix: rethrow normalized Error in tryCatchIf/asyncTryCatchIf (#2930 )	2026-03-23 19:33:05 -07:00

fix(security): use uploadConfigFile for config deployment, chmod 600 openclaw config (#3038 )

Replace base64-into-shell interpolation with SCP-based uploadConfigFile()
for Claude Code settings.json and Cursor CLI config files. This eliminates
the attack surface of injecting encoded payloads into shell command strings.

Add chmod 600 on ~/.openclaw/openclaw.json after writing the Telegram bot
token to prevent other users on the VM from reading the token in plaintext.

Fixes #3033
Fixes #3034

Agent: security-auditor

Co-authored-by: B <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>

2026-03-27 06:15:03 +07:00

cli

fix(security): use uploadConfigFile for config deployment, chmod 600 openclaw config (#3038 )

2026-03-27 06:15:03 +07:00

shared

fix: rethrow normalized Error in tryCatchIf/asyncTryCatchIf (#2930 )

2026-03-23 19:33:05 -07:00