From 9ee76f25db0ac7ff603271ab666121500f34f5d7 Mon Sep 17 00:00:00 2001
From: Taizi <taizi@openclaw.local>
Date: Sun, 5 Apr 2026 02:58:28 +0800
Subject: [PATCH 1/4] Fix: Replace shell=True to prevent shell injection

Security fix for issue #2107:
- Changed subprocess.run(shell=True) to subprocess.run(shell=False)
- Use shlex.split() to properly parse command strings
- This prevents shell injection vulnerabilities
---
 .../ten_packages/extension/main_nodejs/tools/run_script.py    | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/ai_agents/agents/examples/voice-assistant-nodejs/tenapp/ten_packages/extension/main_nodejs/tools/run_script.py b/ai_agents/agents/examples/voice-assistant-nodejs/tenapp/ten_packages/extension/main_nodejs/tools/run_script.py
index 616bc1b093..8f108e9835 100644
--- a/ai_agents/agents/examples/voice-assistant-nodejs/tenapp/ten_packages/extension/main_nodejs/tools/run_script.py
+++ b/ai_agents/agents/examples/voice-assistant-nodejs/tenapp/ten_packages/extension/main_nodejs/tools/run_script.py
@@ -5,6 +5,7 @@
 # See the LICENSE file for more information.
 #
 import argparse
+import shlex
 import subprocess
 import sys
 import os
@@ -15,7 +16,8 @@ def run_cmd(cmd: str, env: dict[str, str] | None = None) -> int:
     if env is None:
         env = os.environ.copy()
     print(f"Running: {cmd}")
-    result = subprocess.run(cmd, shell=True, check=True, env=env)
+    # Use shell=False to avoid shell injection vulnerabilities
+    result = subprocess.run(shlex.split(cmd), shell=False, check=True, env=env)
     return result.returncode
 
 

From a14a772ae4d802b07cd6cedce926a6dd0d47b8e5 Mon Sep 17 00:00:00 2001
From: Taizi <taizi@openclaw.local>
Date: Wed, 8 Apr 2026 06:00:04 +0800
Subject: [PATCH 2/4] Fix shell injection security vulnerability (shell=True ->
 shell=False)

- Replace shell=True with shell=False + shlex.split() to prevent shell injection
- Apply fix to 2 affected run_script.py files
- Addresses security issues reported in #2106 and #2107
---
 .../default_extension_nodejs/tools/run_script.py              | 4 +++-
 .../ten_packages/extension/vtt_nodejs/tools/run_script.py     | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/packages/core_extensions/default_extension_nodejs/tools/run_script.py b/packages/core_extensions/default_extension_nodejs/tools/run_script.py
index 616bc1b093..427154ffec 100644
--- a/packages/core_extensions/default_extension_nodejs/tools/run_script.py
+++ b/packages/core_extensions/default_extension_nodejs/tools/run_script.py
@@ -5,6 +5,7 @@
 # See the LICENSE file for more information.
 #
 import argparse
+import shlex
 import subprocess
 import sys
 import os
@@ -15,7 +16,8 @@ def run_cmd(cmd: str, env: dict[str, str] | None = None) -> int:
     if env is None:
         env = os.environ.copy()
     print(f"Running: {cmd}")
-    result = subprocess.run(cmd, shell=True, check=True, env=env)
+    # Use shell=False with shlex.split to avoid shell injection vulnerabilities
+    result = subprocess.run(shlex.split(cmd), shell=False, check=True, env=env)
     return result.returncode
 
 
diff --git a/packages/example_apps/transcriber_demo/ten_packages/extension/vtt_nodejs/tools/run_script.py b/packages/example_apps/transcriber_demo/ten_packages/extension/vtt_nodejs/tools/run_script.py
index 616bc1b093..427154ffec 100644
--- a/packages/example_apps/transcriber_demo/ten_packages/extension/vtt_nodejs/tools/run_script.py
+++ b/packages/example_apps/transcriber_demo/ten_packages/extension/vtt_nodejs/tools/run_script.py
@@ -5,6 +5,7 @@
 # See the LICENSE file for more information.
 #
 import argparse
+import shlex
 import subprocess
 import sys
 import os
@@ -15,7 +16,8 @@ def run_cmd(cmd: str, env: dict[str, str] | None = None) -> int:
     if env is None:
         env = os.environ.copy()
     print(f"Running: {cmd}")
-    result = subprocess.run(cmd, shell=True, check=True, env=env)
+    # Use shell=False with shlex.split to avoid shell injection vulnerabilities
+    result = subprocess.run(shlex.split(cmd), shell=False, check=True, env=env)
     return result.returncode
 
 

From f936560093a2c4983e29aaf8c61b8152921254c7 Mon Sep 17 00:00:00 2001
From: Taizi <taizi@openclaw.local>
Date: Wed, 8 Apr 2026 06:51:50 +0800
Subject: [PATCH 3/4] fix(security): replace shell=True with shell=False to
 prevent shell injection

Security vulnerability reported in:
- Issue #2107: subprocess function 'run' with 'shell=True'
- Issue #2106: subprocess invocation uses shell=True

This change replaces all subprocess.run() calls with shell=True
with subprocess.run() using shell=False via shlex.split() for safe command parsing.

Files fixed:
- packages/core_apps/default_app_cpp/tools/run_script.py
- packages/core_extensions/default_extension_cpp/tools/run_script.py
- packages/core_extensions/default_extension_nodejs/tests/bin/start.py
---
 packages/core_apps/default_app_cpp/tools/run_script.py      | 4 +++-
 .../default_extension_cpp/tools/run_script.py               | 4 +++-
 .../default_extension_nodejs/tests/bin/start.py             | 6 +++---
 3 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/packages/core_apps/default_app_cpp/tools/run_script.py b/packages/core_apps/default_app_cpp/tools/run_script.py
index 64a329c7e6..01e135e60c 100644
--- a/packages/core_apps/default_app_cpp/tools/run_script.py
+++ b/packages/core_apps/default_app_cpp/tools/run_script.py
@@ -7,6 +7,7 @@
 
 import argparse
 import platform
+import shlex
 import subprocess
 import sys
 
@@ -52,7 +53,8 @@ def detect_arch() -> str:
 def run_cmd(cmd: str) -> int:
     """Run a shell command."""
     print(f"Running: {cmd}")
-    result = subprocess.run(cmd, shell=True, check=True)
+    # Use shell=False to avoid shell injection vulnerabilities
+    result = subprocess.run(shlex.split(cmd), shell=False, check=True)
     return result.returncode
 
 
diff --git a/packages/core_extensions/default_extension_cpp/tools/run_script.py b/packages/core_extensions/default_extension_cpp/tools/run_script.py
index b2a0c2783c..604838c187 100644
--- a/packages/core_extensions/default_extension_cpp/tools/run_script.py
+++ b/packages/core_extensions/default_extension_cpp/tools/run_script.py
@@ -6,6 +6,7 @@
 #
 import argparse
 import platform
+import shlex
 import subprocess
 import sys
 import os as os_module
@@ -53,7 +54,8 @@ def run_cmd(cmd: str, env: dict[str, str] | None = None) -> int:
     if env is None:
         env = os_module.environ.copy()
     print(f"Running: {cmd}")
-    result = subprocess.run(cmd, shell=True, check=True, env=env)
+    # Use shell=False to avoid shell injection vulnerabilities
+    result = subprocess.run(shlex.split(cmd), shell=False, check=True, env=env)
     return result.returncode
 
 
diff --git a/packages/core_extensions/default_extension_nodejs/tests/bin/start.py b/packages/core_extensions/default_extension_nodejs/tests/bin/start.py
index c4ae1adfc0..bba62794ab 100644
--- a/packages/core_extensions/default_extension_nodejs/tests/bin/start.py
+++ b/packages/core_extensions/default_extension_nodejs/tests/bin/start.py
@@ -16,14 +16,14 @@
 
 # npm install
 print("Running npm install...")
-result = subprocess.run(["npm", "install"], env=env, shell=True)
+result = subprocess.run(["npm", "install"], env=env)
 if result.returncode != 0:
     print("npm install failed")
     sys.exit(result.returncode)
 
 # npm run build
 print("Running npm run build...")
-result = subprocess.run(["npm", "run", "build"], env=env, shell=True)
+result = subprocess.run(["npm", "run", "build"], env=env)
 if result.returncode != 0:
     print("npm run build failed")
     sys.exit(result.returncode)
@@ -51,5 +51,5 @@
 
 # npm test
 print("Running npm test...")
-result = subprocess.run(["npm", "test"], env=env, shell=True)
+result = subprocess.run(["npm", "test"], env=env)
 sys.exit(result.returncode)

From 61c2ceb9b428ad9b1493b10eaffdadd91412250e Mon Sep 17 00:00:00 2001
From: taizi <taizi@openclaw.local>
Date: Sun, 12 Apr 2026 02:03:43 +0800
Subject: [PATCH 4/4] fix: replace shell=True to prevent shell injection
 vulnerabilities

Security fix: Removing shell=True from subprocess.run() calls to prevent
shell injection vulnerabilities. When shell=True, the command is executed
through a shell, which can be exploited if untrusted input is passed.

Reported in issues #2107 and #2106
---
 .../default_extension_nodejs/tests/bin/start.py             | 6 +++---
 .../default_extension_nodejs/tests/bin/start.py             | 4 ++--
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/tests/ten_runtime/integration/nodejs/standalone_test_nodejs_2/default_extension_nodejs/tests/bin/start.py b/tests/ten_runtime/integration/nodejs/standalone_test_nodejs_2/default_extension_nodejs/tests/bin/start.py
index 1e4049a48d..3c07a62267 100644
--- a/tests/ten_runtime/integration/nodejs/standalone_test_nodejs_2/default_extension_nodejs/tests/bin/start.py
+++ b/tests/ten_runtime/integration/nodejs/standalone_test_nodejs_2/default_extension_nodejs/tests/bin/start.py
@@ -16,14 +16,14 @@
 
 # npm install
 print("Running npm install...")
-result = subprocess.run(["npm", "install"], env=env, shell=True)
+result = subprocess.run(["npm", "install"], env=env)
 if result.returncode != 0:
     print("npm install failed")
     sys.exit(result.returncode)
 
 # npm run build
 print("Running npm run build...")
-result = subprocess.run(["npm", "run", "build"], env=env, shell=True)
+result = subprocess.run(["npm", "run", "build"], env=env)
 if result.returncode != 0:
     print("npm run build failed")
     sys.exit(result.returncode)
@@ -50,5 +50,5 @@
 
 # npm test
 print("Running npm test...")
-result = subprocess.run(["npm", "test"], env=env, shell=True)
+result = subprocess.run(["npm", "test"], env=env)
 sys.exit(result.returncode)
diff --git a/tests/ten_runtime/integration/nodejs/standalone_test_nodejs_3/default_extension_nodejs/tests/bin/start.py b/tests/ten_runtime/integration/nodejs/standalone_test_nodejs_3/default_extension_nodejs/tests/bin/start.py
index 22e4fb9b85..0c80bc6d92 100644
--- a/tests/ten_runtime/integration/nodejs/standalone_test_nodejs_3/default_extension_nodejs/tests/bin/start.py
+++ b/tests/ten_runtime/integration/nodejs/standalone_test_nodejs_3/default_extension_nodejs/tests/bin/start.py
@@ -16,14 +16,14 @@
 
 # npm install
 print("Running npm install...")
-result = subprocess.run(["npm", "install"], env=env, shell=True)
+result = subprocess.run(["npm", "install"], env=env)
 if result.returncode != 0:
     print("npm install failed")
     sys.exit(result.returncode)
 
 # npm run build
 print("Running npm run build...")
-result = subprocess.run(["npm", "run", "build"], env=env, shell=True)
+result = subprocess.run(["npm", "run", "build"], env=env)
 if result.returncode != 0:
     print("npm run build failed")
     sys.exit(result.returncode)