Submit #808167: 8421bit MiniClaw 0 Path Traversalinfo

Title8421bit MiniClaw 0 Path Traversal
DescriptionThe executeSkillScript function is vulnerable to Path Traversal (CWE-22). The function constructs the script path using unsanitized user-controlled inputs (skillName, scriptFile) with path.join(), without validating that the final path stays within the allowed SKILLS_DIR directory. Attackers can use ../ sequences to access arbitrary files on the server filesystem. More details: https://github.com/8421bit/MiniClaw/issues/5
Source⚠️ https://github.com/8421bit/MiniClaw/issues/5
User
 ybdesire (UID 83239)
Submission04/20/2026 12:54 (3 months ago)
Moderation05/07/2026 18:33 (17 days later)
StatusAccepted
VulDB entry361901 [8421bit MiniClaw up to 43905b934cf76489ab28e4d17da28ee97970f91f executeSkillScript src/kernel.ts isPathInside path traversal]
Points20

Interested in the pricing of exploits?

See the underground prices here!