fix(security): restrict MEDIA path extraction to prevent LFI (#4930)

* fix(security): restrict inbound media staging to media directory

* docs: update MEDIA path guidance for security restrictions

- Update agent hint to warn against absolute/~ paths
- Update docs example to use https:// instead of /tmp/

---------

Co-authored-by: Evan Otero <evanotero@google.com>
Glucksberg
2026-01-31 14:55:37 -04:00
committed by GitHub
parent f1de88c198
commit 34e2425b4d
4 changed files with 98 additions and 2 deletions

@@ -211,7 +211,7 @@ Outbound attachments from the agent: include `MEDIA:<path-or-url>` on its own li
```
Heres the screenshot.
MEDIA:/tmp/screenshot.png
MEDIA:https://example.com/screenshot.png
```
OpenClaw extracts these and sends them as media alongside the text.
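Review bot: The sentence shown in the hunk header still advertises `MEDIA:<path-or-url>`, while the example now only demonstrates an `https://` URL, so a reader cannot tell from this section which local paths remain valid. Consider adding one sentence after "OpenClaw extracts these and sends them as media alongside the text." stating that absolute and `~` paths are not accepted, in line with the agent hint change described in the commit message, and showing the form of local path that is still allowed, if any. Separately, "Heres" in the example's context line is missing its apostrophe; worth fixing while this block is being touched.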