6.3 MEDIUM
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): Low (L)
- User Interaction (UI): Required (R)
- Scope (S): Unchanged (U)
- Confidentiality (C): High (H)
- Integrity (I): Low (L)
- Availability (A): None (N)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): Low (L)
- Modified User Interaction (MUI): Required (R)
- Modified Confidentiality (MC): High (H)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): Low (L)
- Modified Availability (MA): None (N)
Activity log
- Created suggestion
@rtk-ai/rtk-rewrite: OpenClaw Rewrite Plugin Command Injection via execSync Template String
@rtk-ai/rtk-rewrite transparently rewrites shell commands executed via OpenClaw's exec tool to their RTK equivalents. In 1.0.0, the @rtk-ai/rtk-rewrite OpenClaw plugin passes attacker-controlled input directly into a shell-backed execSync() template string without shell-safe escaping. JSON.stringify() wraps the value in double quotes and escapes inner double-quotes and backslashes, but leaves $() and backtick shell metacharacters untouched. Because execSync delegates execution to /bin/sh -c, the shell expands $(...) substitutions even inside double-quoted strings, causing the injected subcommand to execute before rtk is invoked. An attacker who can influence the exec tool's command parameter (e.g., via an LLM agent prompt or gateway/tool-call input) achieves arbitrary OS command execution with the privileges of the plugin/gateway process.
References
Affected products
- ==1.0.0
Matching in nixpkgs
pkgs.rtk
CLI proxy that reduces LLM token consumption by 60-90% on common dev commands
pkgs.mirtk
Medical image registration library and tools
-
nixos-unstable 2.0.0-unstable-2025-02-27
- nixpkgs-unstable 2.0.0-unstable-2025-02-27
- nixos-unstable-small 2.0.0-unstable-2025-02-27
-
nixos-26.05 2.0.0-unstable-2025-02-27
- nixos-26.05-small 2.0.0-unstable-2025-02-27
- nixpkgs-26.05-darwin 2.0.0-unstable-2025-02-27
pkgs.rtkit
Daemon that hands out real-time priority to processes
pkgs.exprtk
C++ Mathematical Expression Toolkit Library
pkgs.rtklib-ex
Open Source Program Package for GNSS Positioning
pkgs.pkgsRocm.mirtk
Medical image registration library and tools
-
nixos-unstable 2.0.0-unstable-2025-02-27
- nixpkgs-unstable 2.0.0-unstable-2025-02-27
- nixos-unstable-small 2.0.0-unstable-2025-02-27
-
nixos-26.05 2.0.0-unstable-2025-02-27
- nixos-26.05-small 2.0.0-unstable-2025-02-27
- nixpkgs-26.05-darwin 2.0.0-unstable-2025-02-27
pkgs.rtl8761b-firmware
Firmware for Realtek RTL8761b
pkgs.gtklock-virtkb-module
Gtklock module adding a keyboard to the lockscreen
-
nixos-unstable 0-unstable-2025-02-27
- nixpkgs-unstable 0-unstable-2025-02-27
- nixos-unstable-small 0-unstable-2025-02-27
-
nixos-26.05 0-unstable-2025-02-27
- nixos-26.05-small 0-unstable-2025-02-27
- nixpkgs-26.05-darwin 0-unstable-2025-02-27
pkgs.indi-3rdparty.indi-rtklib
Third party drivers for the INDI astronomical software suite
-
nixos-unstable 3rdparty-indi-rtklib-2.2.0
- nixpkgs-unstable 3rdparty-indi-rtklib-2.2.0
- nixos-unstable-small 3rdparty-indi-rtklib-2.2.0
-
nixos-26.05 3rdparty-indi-rtklib-2.2.0
- nixos-26.05-small 3rdparty-indi-rtklib-2.2.0
- nixpkgs-26.05-darwin 3rdparty-indi-rtklib-2.2.0
pkgs.python312Packages.cexprtk
None
pkgs.python313Packages.cexprtk
Mathematical expression parser, cython wrapper
Package maintainers
-
@Aleksanaa Aleksana QwQ <me@aleksana.moe>
-
@returntoreality Linus Karl <linus@lotz.li>
-
@sheepforce Phillip Seeber <phillip.seeber@googlemail.com>
-
@bcdarwin Ben Darwin <bcdarwin@gmail.com>
-
@onny Jonas Heinrich <onny@project-insanity.org>
-
@Gliczy Gliczy
-
@skaphi Oskar Philipsson <oskar.philipsson@gmail.com>
-
@milibopp Emilia Bopp <contact@ebopp.de>
-
@GaetanLepage Gaetan Lepage <gaetan@glepage.com>