Command injection in /debug/cli endpoint

## Summary

The `/debug/cli` endpoint in `src/routes/debug.ts` (lines 131-134) passes the user-supplied `cmd` query parameter directly to `sandbox.startProcess()` without sanitization.

```typescript
const cmd = c.req.query('cmd') || 'openclaw --version';
const result = await sandbox.startProcess(cmd);
```

While this endpoint is behind authentication middleware, any authenticated user can execute arbitrary commands inside the container.

## Impact

**Severity: Critical** — Arbitrary command execution in the container. An authenticated user could:
- Read/modify container files (config, secrets, workspace data)
- Exfiltrate environment variables including API keys
- Modify the running OpenClaw process or its configuration

## Recommendation

Either:
1. Remove the endpoint entirely (it's a debug tool)
2. Restrict to an allowlist of safe commands (e.g., `openclaw --version`, `openclaw doctor`)
3. Add strict input validation to prevent shell metacharacters

Found during security review for #74 / PR #298.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Command injection in /debug/cli endpoint #299

Summary

Impact

Recommendation

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Command injection in /debug/cli endpoint #299

Description

Summary

Impact

Recommendation

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions