Summary
npm PraisonAI AgentLoop onToolCall approval runs after tool execution
References
Related vulnerabilities
All Supply chain →- HIGHGHSA-V2WW-5RH7-2H5V
OpenClaw: Linux and macOS exec allowlists skipped configured argument patterns
- HIGHGHSA-5JV7-2MJM-H6QJ
npm PraisonAI utility shell safe-command wrapper allowlist bypass via shell chaining
- HIGHGHSA-VJV9-7M7J-H833
npm PraisonAI SandboxExecutor allowedCommands bypass via shell chaining
- CRITICALGHSA-8FQ9-273G-6MRG
Avo: Missing Authorization in Avo Association Attach Endpoint Allows Unauthorized Relationship Manipulation and Privilege Escalation
- MEDIUMGHSA-4HPG-MP64-X7XQ
OpenClaw: Internal/webchat command auth could inherit ownerAllowFrom wildcard state
- MEDIUMGHSA-MPC8-JXJH-QPGH
OpenClaw: Focus command could miss controlScope enforcement