Severity by source
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5DescriptionCVE.org
A vulnerability was detected in 8421bit MiniClaw 0.8.0/0.9.0. This issue affects the function resolveSkillScriptPath of the file src/kernel.ts of the component System Command Handler. The manipulation results in os command injection. The exploit is now public and may be used. The patch is identified as 223c16a1088e138838dcbd18cd65a37c35ac5a84. It is best practice to apply a patch to resolve this issue.
AnalysisAI
OS command injection in 8421bit MiniClaw 0.8.0 and 0.9.0 allows local authenticated attackers to execute arbitrary system commands via the resolveSkillScriptPath function in the System Command Handler (src/kernel.ts). The vulnerability stems from unsafe command construction using string concatenation with unsanitized user input passed to shell execution. Publicly available exploit code exists, and a patch has been released by the vendor.
Technical ContextAI
MiniClaw is a Node.js-based system command handler that processes skill scripts and cognitive pulse prompts. The vulnerability exists in the resolveSkillScriptPath function within src/kernel.ts, which constructs shell commands by concatenating user-controlled prompt data directly into command strings without proper escaping or parameterization. The original code used the unsafe exec() function from Node.js child_process module with string interpolation, which allows shell metacharacters (pipes, semicolons, backticks, command substitution) in the prompt input to break out of the intended command context. CWE-78 (Improper Neutralization of Special Elements used in an OS Command) classifies this as a classic command injection flaw. The patch migrates from exec(command_string) with string concatenation to spawn(command, args_array) with argument array separation, preventing shell interpretation of user input by bypassing the shell interpreter entirely.
RemediationAI
Apply the vendor-released patch immediately by updating to a version containing commit 223c16a1088e138838dcbd18cd65a37c35ac5a84. The patch is available via GitHub at https://github.com/8421bit/MiniClaw/pull/7. The fix replaces unsafe exec() string concatenation with spawn() using argument arrays, which eliminates shell interpretation of user input. If immediate patching is not feasible, temporarily disable the resolveSkillScriptPath function or restrict its use to trusted, pre-validated input only. An interim workaround involves validating and escaping all prompt input through a whitelist of allowed characters (alphanumerics, hyphens, underscores only) before passing to the cognitive pulse system, though this may break legitimate use cases and should only be used as a temporary measure. Network-level mitigation: restrict access to MiniClaw services to trusted internal networks only, as the AV:A vector requires adjacency. Monitor authentication logs for suspicious user account creation or privilege escalation attempts that could precede exploitation.
OS command injection in 8421bit MiniClaw's executeCognitivePulse function allows authenticated remote attackers to injec
Path traversal in MiniClaw's executeSkillScript function allows authenticated remote attackers to access files outside t
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-28988
GHSA-hpxg-grhm-7fxc