| Summary | picoclaw <=v0.1.2 and earlier is vulnerable to OS command injection via the ExecTool component (pkg/tools/shell.go). The guardCommand() function attempts to restrict shell command execution using a denylist of 8 regular expressions, but the denylist is incomplete. |
|---|---|
| Publication Date | May 27, 2026, 11:16 p.m. |
| Registration Date | May 28, 2026, 4:10 a.m. |
| Last Update | May 27, 2026, 11:16 p.m. |