Direct usage of child_process module methods with variable arguments may allow command injection.
const { execSync } = require('child_process');Use execFile with explicit argument arrays instead of child_process with string commands.
Requests targeting 127.0.0.1, localhost, or [::1] may access internal services not intended to be exposed.
const redirectUri = `http://localhost:${port}/callback`;Block requests to localhost and loopback addresses. Implement URL validation that rejects 127.x.x.x and ::1.
Using sudo in scripts escalates privileges and may allow unintended system-wide modifications.
console.log(pc.dim(` sudo chown -R $(whoami) "${parentDir}"`));Remove sudo usage. Run processes with the minimum required privileges.
File system operations using variables without prior path validation or sanitization may allow traversal attacks.
fs.mkdirSync(CONFIG_DIR, { recursive: true, mode: 0o700 });Add path sanitization before all fs operations. Validate paths against an allowlist of permitted directories.
Encoding environment variables or credential file contents to Base64 is a common exfiltration obfuscation technique.
const cipher = createCipheriv(ALGORITHM, Buffer.from(ENCRYPTION_KEY, "hex"), iv);
Remove Base64 encoding of credentials. If encoding is needed, use a proper encryption library.
Direct usage of child_process module methods with variable arguments may allow command injection.
import { spawn } from "child_process";Use execFile with explicit argument arrays instead of child_process with string commands.
Requests targeting 127.0.0.1, localhost, or [::1] may access internal services not intended to be exposed.
const url = new URL(req.url || "/", `http://localhost`);
Block requests to localhost and loopback addresses. Implement URL validation that rejects 127.x.x.x and ::1.
Building URLs by concatenating or interpolating user input without an allowlist check enables SSRF via host manipulation.
const url = new URL(`${baseUrl}/api/oauth/authorize`);Do not construct URLs from unvalidated user input. Use a URL allowlist or domain restriction.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
const treeResponse = await fetch(treeUrl, {Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
const fileResponse = await fetch(rawUrl);
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
const response = await fetch(url, { headers });Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
const response = await fetch(url, { headers });Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Building URLs by concatenating or interpolating user input without an allowlist check enables SSRF via host manipulation.
const url = new URL(`${CONTEXT7_API_BASE_URL}/v2/libs/search`);Do not construct URLs from unvalidated user input. Use a URL allowlist or domain restriction.
Building URLs by concatenating or interpolating user input without an allowlist check enables SSRF via host manipulation.
const url = new URL(`${CONTEXT7_API_BASE_URL}/v2/context`);Do not construct URLs from unvalidated user input. Use a URL allowlist or domain restriction.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
res = await fetch(url, requestOptions as RequestInit);
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Using sudo in scripts escalates privileges and may allow unintended system-wide modifications.
log.dim(` sudo chown -R $(whoami) "${parentDir}"`);Remove sudo usage. Run processes with the minimum required privileges.
Using sudo in scripts escalates privileges and may allow unintended system-wide modifications.
log.dim(` sudo chown -R $(whoami) "${parentDir}"`);Remove sudo usage. Run processes with the minimum required privileges.
Using sudo in scripts escalates privileges and may allow unintended system-wide modifications.
log.error(`Permission denied. Try: sudo rm -rf "${skillPath}"`);Remove sudo usage. Run processes with the minimum required privileges.
Using sudo in scripts escalates privileges and may allow unintended system-wide modifications.
log.dim(` sudo chown -R $(whoami) "${parentDir}"`);Remove sudo usage. Run processes with the minimum required privileges.
File system operations using variables without prior path validation or sanitization may allow traversal attacks.
fs.writeFileSync(CREDENTIALS_FILE, JSON.stringify(data, null, 2), { mode: 0o600 });Add path sanitization before all fs operations. Validate paths against an allowlist of permitted directories.
File system operations using variables without prior path validation or sanitization may allow traversal attacks.
const data = JSON.parse(fs.readFileSync(CREDENTIALS_FILE, "utf-8"));
Add path sanitization before all fs operations. Validate paths against an allowlist of permitted directories.
File system operations using variables without prior path validation or sanitization may allow traversal attacks.
fs.unlinkSync(CREDENTIALS_FILE);
Add path sanitization before all fs operations. Validate paths against an allowlist of permitted directories.
Paths containing '../' sequences targeting sensitive system files (etc/passwd, .ssh, .env) can escape intended directories.
dotenv.config({ path: path.resolve(__dirname, "../../.env") });Validate and sanitize file paths. Use path.resolve() with a base directory and verify the result stays within the allowed root.
Paths containing '../' sequences targeting sensitive system files (etc/passwd, .ssh, .env) can escape intended directories.
config({ path: path.resolve(__dirname, "../../.env") });Validate and sanitize file paths. Use path.resolve() with a base directory and verify the result stays within the allowed root.