FoundDream Miniclawd Command Injection Vulnerability in SkillsLoader Component

A command injection vulnerability has been identified in FoundDream Miniclawd versions prior to 2d65665046e2222eeea76cafc8570ed546a8c125. The issue resides in the SkillsLoader component, specifically within the 'which()' method of 'skills-loader.ts'. The vulnerability allows for arbitrary command execution by manipulating the 'requires.bins' argument, with the potential for remote exploitation.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the server, with the possibility of a full system compromise if the process has sufficient privileges.

Reproduction

To reproduce this vulnerability, create a malicious skill directory that includes a 'SKILL.md' file. This file should be crafted to include a 'requires.bins' entry that concatenates a command injection payload, such as a command to create a file in the '/tmp' directory. Once the malicious skill is loaded, the injected command will be executed with the application's privileges.

Remediation

Users are advised to avoid shell string interpolation in command execution, disable shell execution altogether, and implement validation for command names. Additionally, adding a timeout to command executions can prevent the application from hanging indefinitely.