| عنوان | zevorn rt-claw 36d128f72afa0b9d40a21bcd6069b0c193a58f82 (unreleased main, post-v0.2.0) Remote Code Execution via Unsafe Tool Auto-Approval (CWE-94) |
|---|
| الوصف | # Technical Details
A Remote Code Execution vulnerability exists in the Telegram-to-AI tool execution flow ending at `tool_run_script_execute` in `claw/services/tools/script.c` of rt-claw.
The application fails to require explicit approval before executing dangerous AI-selected tools. A remote Telegram message can be forwarded into the AI pipeline, the model can return a `run_script` tool call, and `ai_engine.c` dispatches it through `claw_tool_invoke()` with no approval gate, leading to Python execution on Linux.
# Vulnerable Code
File: claw/services/im/telegram.c
Method: tg_ai_worker
Why: Untrusted Telegram text is forwarded into `ai_chat()`, which advertises tool schemas. When the model selects `run_script`, the call reaches `tool_run_script_execute` without any confirmation or deny-by-default control for dangerous local tools.
# Reproduction
1. Download `verification_test.py`, `control-no-tool-call.py`, `harness.py`, `fake_ai_api.py`, and `fake_telegram_api.py` from the issue-linked gists.
2. Run `python3 verification_test.py` to build the Linux binary, start the fake Telegram and AI services, inject a Telegram message, and make the fake AI emit a `run_script` tool call.
3. Observe that `vuln/canary.txt` is created with `vuln-canary`; then run the control case and verify `control/canary.txt` is not created.
# Impact
- A remote Telegram user can trigger arbitrary Python execution through the AI tool path.
- This can lead to local file read/write, credential theft, host tampering, and follow-on abuse of resources reachable by the `rtclaw` process. |
|---|
| المصدر | ⚠️ https://github.com/zevorn/rt-claw/issues/138 |
|---|
| المستخدم | Eric-h (UID 97582) |
|---|
| ارسال | 13/06/2026 08:14 AM (1 شهر منذ) |
|---|
| الاعتدال | 18/07/2026 09:34 AM (1 month later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 380020 [zevorn rt-claw حتى 0.2.0 Telegram-to-AI Tool Execution Flow script.c tool_run_script_execute تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|