From 9ee76f25db0ac7ff603271ab666121500f34f5d7 Mon Sep 17 00:00:00 2001
From: Taizi
Date: Sun, 5 Apr 2026 02:58:28 +0800
Subject: [PATCH] Fix: Replace shell=True to prevent shell injection

Security fix for issue #2107:
- Changed subprocess.run(shell=True) to subprocess.run(shell=False)
- Use shlex.split() to properly parse command strings
- This prevents shell injection vulnerabilities
---
 .../ten_packages/extension/main_nodejs/tools/run_script.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/ai_agents/agents/examples/voice-assistant-nodejs/tenapp/ten_packages/extension/main_nodejs/tools/run_script.py b/ai_agents/agents/examples/voice-assistant-nodejs/tenapp/ten_packages/extension/main_nodejs/tools/run_script.py
index 616bc1b093..8f108e9835 100644
--- a/ai_agents/agents/examples/voice-assistant-nodejs/tenapp/ten_packages/extension/main_nodejs/tools/run_script.py
+++ b/ai_agents/agents/examples/voice-assistant-nodejs/tenapp/ten_packages/extension/main_nodejs/tools/run_script.py
@@ -5,6 +5,7 @@
 # See the LICENSE file for more information.
 #
 import argparse
+import shlex
 import subprocess
 import sys
 import os
@@ -15,7 +16,8 @@ def run_cmd(cmd: str, env: dict[str, str] | None = None) -> int:
 if env is None:
 env = os.environ.copy()
 print(f"Running: {cmd}")
- result = subprocess.run(cmd, shell=True, check=True, env=env)
+ # Use shell=False to avoid shell injection vulnerabilities
+ result = subprocess.run(shlex.split(cmd), shell=False, check=True, env=env)
 return result.returncode
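Review bot: The `shlex.split(cmd)` on the added `result = subprocess.run(...)` line changes run_cmd's contract for any caller that relied on shell syntax: `&&`, `|`, redirections, globs and `$VAR` are no longer interpreted but handed to the program as literal arguments, and the failure is silent (the command runs with the wrong argv) rather than an error; the callers are not in this hunk, so whether any pass such strings cannot be confirmed here. shlex.split also applies POSIX quoting rules, so on Windows a path such as `C:\Users\x` loses its backslashes, an unbalanced quote now raises ValueError, and an empty string yields an empty argv that subprocess rejects — none of which is guarded before the call. Splitting the string is only a partial fix for issue #2107: shell metacharacters are neutralised, but a caller that still concatenates untrusted text into `cmd` remains open to argument/option injection, so the real boundary is the caller building an argv list. I would accept a list (`cmd: str | list[str]`) and use it unchanged, keep shlex.split only as a compatibility path for plain strings, guard the empty case, and document the lost shell features with `# NOTE: shell features (&&, |, >, *, $VAR) are not interpreted; pass an argv list.`. run_cmd's signature appears only in the hunk header, so the function starts outside the hunk, and its trailing context lines are not visible.
```python
def run_cmd(cmd: str | list[str], env: dict[str, str] | None = None) -> int:
    # … unchanged: env default …
    # NOTE: shell features (&&, |, >, *, $VAR) are not interpreted; pass an argv list.
    # Strings are split with POSIX quoting for backward compatibility only.
    argv = shlex.split(cmd) if isinstance(cmd, str) else list(cmd)
    if not argv:
        raise ValueError("run_cmd: empty command")
    print(f"Running: {shlex.join(argv)}")
    result = subprocess.run(argv, check=True, env=env)
    return result.returncode
```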