2 matches found
Incomplete List of Disallowed Inputs
Overview pyspector is an A high-performance, security-focused static analysis tool for Python, powered by Rust. Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the validateplugincode function. An attacker can execute arbitrary system commands by...
OpenClaw plugin runtime command execution is part of trusted plugin boundary
Summary OpenClaw plugins/extensions run in-process and are treated as trusted code. This advisory tracks trust-boundary clarification around plugin runtime command execution runtime.system.runCommandWithTimeout. Impact Plugins already execute with the same OS privileges as the OpenClaw process...