Install
openclaw skills install ordercli-security-advisoryOrderCLI Security Advisory
Security advisory for OrderCLI — 2 high/critical issues found on 2026-05-07T09:15:31Z
Audits
PassOrderCLI Security Advisory
Date: 2026-05-07T09:15:31Z
Summary
Audit of /root/.openclaw/workspace/ordercli found 2 high/critical issues.
- 🔴 Critical: 0
- 🟠 High: 2
- 🟡 Medium: 2
Findings
- 🟡 MEDIUM: Some CRUD-like functions lack visible auth checks — manual review recommended
- 🟠 HIGH: JSON is loaded without schema validation (1 json.load(s) calls, 0 validators)
- 🟡 MEDIUM: File operations without try/except error handling
- 🟠 HIGH: orders.json contains 3 PII field(s) — ensure access is restricted
Recommended Actions
- Fix all critical issues before any production deployment
- Rotate any exposed credentials immediately
- Add input validation and parameterized queries
- Restrict file permissions on data files containing PII
- Re-run audit after fixes:
./run-audit.sh /root/.openclaw/workspace/ordercli
Auto-generated by run-audit.sh