Description
ADV-SHELL: API Key Interpolated Without Escaping in telegram-bridge.js
| Field |
Value |
| Severity |
Low |
| CWE |
N/A (defense-in-depth) |
| File |
scripts/telegram-bridge.js |
| Line |
102 |
| Function |
runAgentInSandbox(message, sessionId) |
| Status |
Active |
Description
The NVIDIA_API_KEY environment variable is interpolated into a single-quoted shell command string without escaping. The resulting command is sent over SSH to execute on a remote sandbox host. If the API key contained a single quote character, it would break out of the shell quoting and allow arbitrary command execution on the remote host.
Vulnerable Code
// scripts/telegram-bridge.js:93-107
function runAgentInSandbox(message, sessionId) {
return new Promise((resolve) => {
const sshConfig = execSync(`"${OPENSHELL}" sandbox ssh-config "${SANDBOX}"`, { encoding: "utf-8" });
const confPath = `/tmp/nemoclaw-tg-ssh-${sessionId}.conf`;
require("fs").writeFileSync(confPath, sshConfig);
const escaped = message.replace(/'/g, "'\\''"); // ← message IS escaped (correct)
const cmd = `export NVIDIA_API_KEY='${API_KEY}' && nemoclaw-start openclaw agent --agent main --local -m '${escaped}' --session-id 'tg-${sessionId}'`;
// ^^^^^^^^^ NOT escaped
const proc = spawn("ssh", ["-T", "-F", confPath, `openshell-${SANDBOX}`, cmd], {
timeout: 120000,
stdio: ["ignore", "pipe", "pipe"],
});API_KEY is sourced from process.env.NVIDIA_API_KEY at line 30.
Why This Is Low Severity
- Operator-controlled input —
API_KEY comes from an environment variable set by the person deploying the bridge, not from Telegram users or any external source.
- Key format precludes exploitation — NVIDIA API keys use the format
nvapi-... with alphanumeric characters and hyphens. A single quote cannot appear in a valid key.
- User input IS properly escaped — The
message parameter (from Telegram chat) is correctly escaped using the standard POSIX single-quote escaping pattern (replace(/'/g, "'\\''")) before interpolation.
sessionId is safe — It is the Telegram chatId, a numeric value.
Recommended Fix
Apply the same POSIX single-quote escaping already used for message:
const escaped = message.replace(/'/g, "'\\''");
const escapedKey = API_KEY.replace(/'/g, "'\\''");
const cmd = `export NVIDIA_API_KEY='${escapedKey}' && nemoclaw-start openclaw agent --agent main --local -m '${escaped}' --session-id 'tg-${sessionId}'`;This is a one-line defense-in-depth improvement with zero risk of regression.
Reproduction Steps
As above
Environment
As above
Debug Output
Logs
Checklist
Description
ADV-SHELL: API Key Interpolated Without Escaping in telegram-bridge.js
scripts/telegram-bridge.jsrunAgentInSandbox(message, sessionId)Description
The
NVIDIA_API_KEYenvironment variable is interpolated into a single-quoted shell command string without escaping. The resulting command is sent over SSH to execute on a remote sandbox host. If the API key contained a single quote character, it would break out of the shell quoting and allow arbitrary command execution on the remote host.Vulnerable Code
API_KEYis sourced fromprocess.env.NVIDIA_API_KEYat line 30.Why This Is Low Severity
API_KEYcomes from an environment variable set by the person deploying the bridge, not from Telegram users or any external source.nvapi-...with alphanumeric characters and hyphens. A single quote cannot appear in a valid key.messageparameter (from Telegram chat) is correctly escaped using the standard POSIX single-quote escaping pattern (replace(/'/g, "'\\''")) before interpolation.sessionIdis safe — It is the TelegramchatId, a numeric value.Recommended Fix
Apply the same POSIX single-quote escaping already used for
message:This is a one-line defense-in-depth improvement with zero risk of regression.
Reproduction Steps
As above
Environment
As above
Debug Output
Logs
Checklist