haitham/claw3d
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(security): close remaining path validation gaps (#77)

Browse Source 
Harden the SSH agent-state and skill-removal paths to match the local security model, and avoid rejecting valid local workspace skill removals.

Made-with: Cursor

Co-authored-by: iamlukethedev <lucas.guilherme@smartwayslfl.com>
This commit is contained in:
Luke The Dev
2026-03-27 22:21:41 -05:00
committed by GitHub
parent e0eb73111b
commit c3556d2daa
10 changed files with 69 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/app/api/gateway/agent-state/route.ts
+3
View File
@@ -63,6 +63,9 @@ export async function POST(request: Request) {
message.includes("agentId is required") ||
message.includes("trashDir is required") ||
message.includes("Invalid agentId") ||
message.includes("trashDir does not exist") ||
message.includes("trashDir is not under") ||
message.includes("Refusing to restore over existing path") ||
message.includes("Gateway URL is missing") ||
message.includes("Invalid gateway URL") ||
message.includes("require OPENCLAW_GATEWAY_SSH_TARGET")
src/app/api/gateway/skills/remove/route.ts
+1
View File
@@ -76,6 +76,7 @@ export async function POST(request: Request) {
message.includes("Unsupported skill source") ||
message.includes("Refusing to remove") ||
message.includes("not a directory") ||
message.includes("Remote workspace skill removal is not supported over SSH") ||
message.includes("Gateway URL is missing") ||
message.includes("Invalid gateway URL") ||
message.includes("require OPENCLAW_GATEWAY_SSH_TARGET")