github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-08 20:58:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(security): restrict skill download target paths

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-16 03:46:32 +01:00
parent c6c53437f7
commit 2363e1b085
9 changed files with 442 additions and 324 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/agents/skills/tools-dir.ts Normal file
View File

@@ -0,0 +1,11 @@
import path from "node:path";
import type { SkillEntry } from "./types.js";
import { safePathSegmentHashed } from "../../infra/install-safe-path.js";
import { resolveConfigDir } from "../../utils.js";
import { resolveSkillKey } from "./frontmatter.js";
export function resolveSkillToolsRootDir(entry: SkillEntry): string {
const key = resolveSkillKey(entry.skill, entry);
const safeKey = safePathSegmentHashed(key);
return path.join(resolveConfigDir(), "tools", safeKey);
}