mirror of
https://github.com/OpenRouterTeam/spawn.git
synced 2026-05-06 08:10:48 +00:00
f1e8d946df
Replace unsafe printf '%q'-escaped unquoted variables with validated
single-quoted embedding in upload_file() for fly, northflank, daytona,
e2b, and koyeb. The previous pattern used unquoted $escaped_content and
$escaped_path in command strings passed to bash -c or run_server, which
could allow command injection via crafted filenames.
The fix:
- Validates remote_path rejects unsafe chars (', $, `, newlines)
- Uses base64 content directly (alphanumeric + /+= is shell-safe)
- Single-quotes both content and path in the command string
- Uses printf '%s' instead of echo for safer output
Matches the pattern already used by render, modal, and railway.
Agent: security-auditor
Co-authored-by: A <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
|
||
|---|---|---|
| .. | ||
| lib | ||
| aider.sh | ||
| amazonq.sh | ||
| claude.sh | ||
| cline.sh | ||
| codex.sh | ||
| continue.sh | ||
| gemini.sh | ||
| goose.sh | ||
| gptme.sh | ||
| interpreter.sh | ||
| kilocode.sh | ||
| nanoclaw.sh | ||
| openclaw.sh | ||
| opencode.sh | ||
| plandex.sh | ||
| README.md | ||
E2B
E2B sandboxed cloud containers via CLI/SDK. E2B
No SSH — uses E2B CLI for exec. Sandboxes start in ~150ms. Requires npm install -g @e2b/cli.
Agents
Claude Code
bash <(curl -fsSL https://openrouter.ai/lab/spawn/e2b/claude.sh)
OpenClaw
bash <(curl -fsSL https://openrouter.ai/lab/spawn/e2b/openclaw.sh)
NanoClaw
bash <(curl -fsSL https://openrouter.ai/lab/spawn/e2b/nanoclaw.sh)
Aider
bash <(curl -fsSL https://openrouter.ai/lab/spawn/e2b/aider.sh)
Goose
bash <(curl -fsSL https://openrouter.ai/lab/spawn/e2b/goose.sh)
Codex CLI
bash <(curl -fsSL https://openrouter.ai/lab/spawn/e2b/codex.sh)
Open Interpreter
bash <(curl -fsSL https://openrouter.ai/lab/spawn/e2b/interpreter.sh)
Gemini CLI
bash <(curl -fsSL https://openrouter.ai/lab/spawn/e2b/gemini.sh)
Amazon Q CLI
bash <(curl -fsSL https://openrouter.ai/lab/spawn/e2b/amazonq.sh)
Cline
bash <(curl -fsSL https://openrouter.ai/lab/spawn/e2b/cline.sh)
gptme
bash <(curl -fsSL https://openrouter.ai/lab/spawn/e2b/gptme.sh)
OpenCode
bash <(curl -fsSL https://openrouter.ai/lab/spawn/e2b/opencode.sh)
Plandex
bash <(curl -fsSL https://openrouter.ai/lab/spawn/e2b/plandex.sh)
Non-Interactive Mode
E2B_SANDBOX_NAME=dev-mk1 \
E2B_API_KEY=your-key \
OPENROUTER_API_KEY=sk-or-v1-xxxxx \
bash <(curl -fsSL https://openrouter.ai/lab/spawn/e2b/claude.sh)