torrentclaw-skill

History

Deivid Soto d3d6c702ed fix(security): eliminate shell injection and add input validation Replace unsafe string interpolation in aria2 RPC JSON construction with jq --arg for proper escaping. Add magnet URL format validation to reject arbitrary input. Refactor detect-client.sh JSON output to use jq. Add CI security check to prevent regression. Resolves VirusTotal "Suspicious" classification caused by the shell injection vulnerability in add-torrent.sh.	2026-02-15 10:47:10 +01:00
..
ci.yml	fix(security): eliminate shell injection and add input validation	2026-02-15 10:47:10 +01:00

Deivid Soto d3d6c702ed fix(security): eliminate shell injection and add input validation

Replace unsafe string interpolation in aria2 RPC JSON construction
with jq --arg for proper escaping. Add magnet URL format validation
to reject arbitrary input. Refactor detect-client.sh JSON output
to use jq. Add CI security check to prevent regression.

Resolves VirusTotal "Suspicious" classification caused by the
shell injection vulnerability in add-torrent.sh.

2026-02-15 10:47:10 +01:00

ci.yml

fix(security): eliminate shell injection and add input validation

2026-02-15 10:47:10 +01:00