A secondary security audit using bandit revealed additional vulnerabilities in this repository that should be addressed.
1. Remote Code Execution (RCE) via eval()
Using eval() on untrusted input from an LLM or user allows arbitrary Python code execution.
Crewai-agents/trip_planner/tools/calculator_tools.py: The calculate tool calls eval(operation) on raw string inputs.anthropic-quickstart/03-function-calling-agent/claude_function_agent.py: Uses eval() for math evaluation. While __builtins__ is cleared, eval is notoriously difficult to sandbox and can still be bypassed.
Recommendation: Restrict the evaluation to basic math operations or use a safer alternative like ast.literal_eval or strict regex validation.
2. Insecure Temporary Directory Usage
Hardcoding /tmp is flagged by security scanners as it can lead to symlink attacks or predictable paths on shared systems.
openclaw/fetchai-openclaw-orchestrator/connector/policy.py: Hardcodes "/tmp".
Recommendation: Use tempfile.gettempdir() instead.
3. Vulnerable urllib.urlopen Usage
The urllib.request.urlopen function is prone to protocol injection vulnerabilities if the URL is somewhat dynamic.
openclaw/agentverse-caller/scripts/call.pyClaude Agent SDK/real-estate-search-agent/sheets.py
Recommendation: Use the safer requests library instead of urllib.
A secondary security audit using
banditrevealed additional vulnerabilities in this repository that should be addressed.1. Remote Code Execution (RCE) via
eval()Using
eval()on untrusted input from an LLM or user allows arbitrary Python code execution.Crewai-agents/trip_planner/tools/calculator_tools.py: Thecalculatetool callseval(operation)on raw string inputs.anthropic-quickstart/03-function-calling-agent/claude_function_agent.py: Useseval()for math evaluation. While__builtins__is cleared,evalis notoriously difficult to sandbox and can still be bypassed.Recommendation: Restrict the evaluation to basic math operations or use a safer alternative like
ast.literal_evalor strict regex validation.2. Insecure Temporary Directory Usage
Hardcoding
/tmpis flagged by security scanners as it can lead to symlink attacks or predictable paths on shared systems.openclaw/fetchai-openclaw-orchestrator/connector/policy.py: Hardcodes"/tmp".Recommendation: Use
tempfile.gettempdir()instead.3. Vulnerable
urllib.urlopenUsageThe
urllib.request.urlopenfunction is prone to protocol injection vulnerabilities if the URL is somewhat dynamic.openclaw/agentverse-caller/scripts/call.pyClaude Agent SDK/real-estate-search-agent/sheets.pyRecommendation: Use the safer
requestslibrary instead ofurllib.