---
name: ordercli-security-advisory
description: "Security advisory for OrderCLI — 2 high/critical issues found on 2026-05-07T09:15:31Z"
version: "0.1.0"
metadata: {"type":"security-advisory","critical":0,"high":2,"medium":2}
---
# OrderCLI Security Advisory
**Date:** 2026-05-07T09:15:31Z
## Summary
Audit of `/root/.openclaw/workspace/ordercli` found **2** high/critical issues.
- 🔴 Critical: 0
- 🟠 High: 2
- 🟡 Medium: 2
## Findings
- 🟡 MEDIUM: Some CRUD-like functions lack visible auth checks — manual review recommended
- 🟠 HIGH: JSON is loaded without schema validation (1 `json.load`/`json.loads` call, 0 validators)
- 🟡 MEDIUM: File operations without try/except error handling
- 🟠 HIGH: orders.json contains 3 PII field(s) — ensure access is restricted
## Recommended Actions
1. Fix all critical issues before any production deployment
2. Rotate any exposed credentials immediately
3. Add input validation and parameterized queries
4. Restrict file permissions on data files containing PII
5. Re-run audit after fixes: `./run-audit.sh /root/.openclaw/workspace/ordercli`
---
*Auto-generated by run-audit.sh*