OrderCLI Security Advisory

Security advisory for OrderCLI — 2 high/critical issues found on 2026-05-07T09:15:31Z

OrderCLI 的安全公告 — 2026-05-07T09:15:31Z 发现 2 个高危/严重问题

未分类 clawhub v0.1.202605071715 1 版本 100000 Key: 无需

★ 0

Stars

📥 278

下载

💾 0

安装

版本

#latest

概述

OrderCLI Security Advisory

Date: 2026-05-07T09:15:31Z

Summary

Audit of /root/.openclaw/workspace/ordercli found 2 high/critical issues.

🔴 Critical: 0
🟠 High: 2
🟡 Medium: 2

Findings

🟡 MEDIUM: Some CRUD-like functions lack visible auth checks — manual review recommended
🟠 HIGH: JSON is loaded without schema validation (1 json.load(s) calls, 0 validators)
🟡 MEDIUM: File operations without try/except error handling
🟠 HIGH: orders.json contains 3 PII field(s) — ensure access is restricted

Recommended Actions

Fix all critical issues before any production deployment
Rotate any exposed credentials immediately
Add input validation and parameterized queries
Restrict file permissions on data files containing PII
Re-run audit after fixes: ./run-audit.sh /root/.openclaw/workspace/ordercli

Auto-generated by run-audit.sh

版本历史

共 1 个版本

v0.1.202605071715 当前

2026-05-08 13:40 安全安全

安全检测

腾讯云安全 (Keen)

安全，无风险

查看报告

腾讯云安全 (Sanbu)

安全，无风险

查看报告

🔗 相关推荐

it-ops-security

OpenClaw Backup

alex3alex

备份与恢复 OpenClaw 数据。适用于创建备份、设置自动备份计划、从备份恢复或管理备份轮转。处理 ~/.openclaw 目录归档并包含适当的排除规则。

★ 90 📥 31,031

it-ops-security

Free Ride - Unlimited free AI

shaivpidadi

管理OpenClaw的OpenRouter免费AI模型，自动按质量排名模型，配置速率限制备用方案，并更新opencla...

★ 471 📥 78,332

it-ops-security

MoltGuard - Security & Antivirus & Guardrails

thomaslwang

MoltGuard — OpenClaw 安全守卫，由 OpenGuardrails 提供。安装后可防止您和您的用户受到提示注入、数据泄露及恶意行为的侵害。

★ 116 📥 30,991