haitham/claw3d
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(security): close remaining path validation gaps (#77)

Browse Source 
Harden the SSH agent-state and skill-removal paths to match the local security model, and avoid rejecting valid local workspace skill removals.

Made-with: Cursor

Co-authored-by: iamlukethedev <lucas.guilherme@smartwayslfl.com>
This commit is contained in:
Luke The Dev
2026-03-27 22:21:41 -05:00
committed by GitHub
parent e0eb73111b
commit c3556d2daa
10 changed files with 69 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files
tests/unit/skillsRemoveExecutor.test.ts
+3
View File
@@ -54,5 +54,8 @@ describe("skills remove ssh executor", () => {
input: expect.stringContaining('python3 - "$1" "$2" "$3" "$4" "$5"'),
})
);
const call = mockedRunSshJson.mock.calls[0]?.[0];
expect(call?.input).toContain('managed_skills_root = (state_dir / "skills").resolve(strict=False)');
expect(call?.input).toContain("Remote workspace skill removal is not supported over SSH.");
});
});