hermes-bsd/tools
Teknium 2dbc3bd937
fix(skills): guard recursive skill delete against tree-escape (#46929)
Port from Kilo-Org/kilocode#11240. Their issue #11227 lost a user's entire
working directory: a built-in-skill sentinel location resolved to the server
cwd and the skill-removal endpoint ran a recursive delete on it.

Hermes' /skills uninstall path (skills_hub.py) is already hardened, but the
agent-facing skill_manage(action='delete') path did a bare
shutil.rmtree(skill_dir) with no last-line validation. Add _validate_delete_target():
refuse to rmtree a path that (1) isn't strictly inside a known skills root,
(2) is a skills root itself, or (3) is reached via a symlink/junction.

Tests: 4 cases (normal delete works; symlinked dir, skills-root, out-of-tree
all refused). E2E verified with real symlink + file I/O.
2026-06-15 17:14:59 -07:00
..
computer_use fix(xai): accept Grok Build code during loopback wait + tiny screenshot guard 2026-06-09 23:21:24 -07:00
environments fix: make profile subprocess HOME policy explicit 2026-06-14 03:20:21 -07:00
neutts_samples
__init__.py
ansi_strip.py
approval.py fix(approval): gate in-place edits to sensitive user files 2026-06-13 14:35:27 -07:00
async_delegation.py feat(delegation): async background subagents via delegate_task(background=true) (#40946) 2026-06-15 13:33:12 -07:00
binary_extensions.py
blueprints.py refactor(cron): rebrand Cron Recipes -> Automation Blueprints 2026-06-11 10:49:47 -07:00
browser_camofox.py
browser_camofox_state.py
browser_cdp_tool.py fix(deps): declare websockets as core dep + relax dev setuptools pin (salvage #45486, #44693) (#46744) 2026-06-15 12:44:44 -04:00
browser_dialog_tool.py
browser_supervisor.py
browser_tool.py fix: harden salvaged session and browser improvements 2026-06-15 07:46:34 -07:00
budget_config.py
checkpoint_manager.py fix: prevent TUI gateway stdin EOF crash across all TUI-context subprocess calls 2026-06-08 22:46:57 -07:00
clarify_gateway.py
clarify_tool.py
code_execution_tool.py fix: make profile subprocess HOME policy explicit 2026-06-14 03:20:21 -07:00
computer_use_tool.py
credential_files.py fix(slack): make video attachments available to agents (#45512) 2026-06-13 03:33:27 -07:00
cronjob_tools.py revert(cron): remove per-job profile support (PR #28124) (#43956) 2026-06-10 20:46:17 -07:00
debug_helpers.py
delegate_tool.py feat(delegation): async background subagents via delegate_task(background=true) (#40946) 2026-06-15 13:33:12 -07:00
discord_tool.py
env_passthrough.py
env_probe.py fix: prevent TUI gateway stdin EOF crash across all TUI-context subprocess calls 2026-06-08 22:46:57 -07:00
fal_common.py
feishu_doc_tool.py
feishu_drive_tool.py
file_operations.py fix(search): keep partial results on search timeout (#36142) 2026-06-13 14:35:21 -07:00
file_state.py
file_tools.py refactor(tools): extract shared sentinel-free abs cwd validator 2026-06-15 14:03:41 +05:30
fuzzy_match.py
homeassistant_tool.py
image_generation_tool.py refactor(image_gen): delegate cache-path mapping to shared helper 2026-06-06 13:19:07 -07:00
interrupt.py
kanban_tools.py
lazy_deps.py fix(teams): package Microsoft Teams SDK as an installable extra (salvage #43945) (#46764) 2026-06-15 14:35:15 -04:00
managed_tool_gateway.py
mcp_oauth.py fix(mcp): fail fast for noninteractive oauth without tokens 2026-06-15 04:22:07 -07:00
mcp_oauth_manager.py fix(mcp): fail fast for noninteractive oauth without tokens 2026-06-15 04:22:07 -07:00
mcp_tool.py fix(mcp): block suspicious stdio configs before probe (#46112) 2026-06-14 04:46:54 -07:00
memory_tool.py fix(memory,skills): repair write-approval inline prompt, gateway staging, and gateway /skills review (#43452) 2026-06-10 02:57:15 -07:00
microsoft_graph_auth.py
microsoft_graph_client.py
mixture_of_agents_tool.py
neutts_synth.py
openrouter_client.py
osv_check.py fix(osv_check): honor npx --package/-p install target when parsing package arg (#40567) 2026-06-06 18:30:39 -07:00
patch_parser.py
path_security.py
process_registry.py feat(delegation): async background subagents via delegate_task(background=true) (#40946) 2026-06-15 13:33:12 -07:00
read_extract.py feat(read): extract notebook and office documents (#37082) 2026-06-13 14:42:51 -07:00
read_terminal_tool.py feat(desktop): resizable VS Code-themed terminal pane + palette polish (#42521) 2026-06-09 23:15:20 -05:00
registry.py
schema_sanitizer.py fix(tools): strip default from $ref nodes in tool schemas 2026-06-12 00:30:51 -05:00
send_message_tool.py fix(messaging): route WhatsApp group JIDs to the target, not the home DM 2026-06-15 05:51:47 -07:00
session_search_tool.py feat(desktop): composer status stack, live subagent windows, editable prompts (#44630) 2026-06-12 08:30:06 -05:00
skill_manager_tool.py fix(skills): guard recursive skill delete against tree-escape (#46929) 2026-06-15 17:14:59 -07:00
skill_provenance.py
skill_usage.py fix(curator): protect load-bearing built-in skills from archival/consolidation (#41817) 2026-06-07 22:23:29 -07:00
skills_ast_audit.py
skills_guard.py
skills_hub.py fix(skills): let ClawHub index build walk past the 12s browse budget (#44500) 2026-06-11 18:03:11 -04:00
skills_sync.py fix(skills): make bundled-update backup handling crash-safe and idempotent 2026-06-13 15:01:42 -07:00
skills_tool.py fix(skills): apply global|platform disabled union to all resolution sites 2026-06-14 22:54:54 +05:30
slash_confirm.py
terminal_tool.py refactor(tools): consolidate task-override lookup into one helper 2026-06-15 14:02:17 +05:30
thread_context.py
threat_patterns.py
tirith_security.py fix: prevent TUI gateway stdin EOF crash across all TUI-context subprocess calls 2026-06-08 22:46:57 -07:00
todo_tool.py hardening(todo): bound TodoStore item content length and count 2026-06-07 18:06:27 -07:00
tool_backend_helpers.py
tool_output_limits.py
tool_result_storage.py
tool_search.py
transcription_tools.py fix: prevent TUI gateway stdin EOF crash across all TUI-context subprocess calls 2026-06-08 22:46:57 -07:00
tts_tool.py feat(tts): add Gemini audio tag rewrite 2026-06-10 02:57:39 -07:00
url_safety.py fix(tools): percent-encode non-ascii URL components 2026-06-07 11:42:26 -06:00
video_generation_tool.py
vision_tools.py fix(deps): force prompt=False on the two mid-session lazy-install tool paths 2026-06-06 18:44:15 -07:00
voice_mode.py fix: prevent TUI gateway stdin EOF crash across all TUI-context subprocess calls 2026-06-08 22:46:57 -07:00
web_tools.py revert(web): remove keyless Parallel search fallback (#46350) 2026-06-14 16:47:57 -07:00
website_policy.py
write_approval.py fix(memory,skills): repair write-approval inline prompt, gateway staging, and gateway /skills review (#43452) 2026-06-10 02:57:15 -07:00
x_search_tool.py
xai_http.py
yuanbao_tools.py