@openclaw/interchange

Shared .md interchange library for OpenClaw skills — atomic writes, deterministic serialization, YAML frontmatter, advisory locking, and schema validation. T...

This library is coherent with its stated purpose, but treat it as 'not ready for untrusted multi-process use' until fixes are applied. Before installing/use: - Prefer to vendor or audit the code yourself; the bundle includes the full source and an internal code review (CODEX_REVIEW.md) listing critical concurrency issues. - Set INTERCHANGE_ROOT to a dedicated directory (not $HOME or system directories) and run it with least privilege to prevent accidental writes to sensitive paths. - Do not rely on the advisory locking for strict mutual exclusion between untrusted processes; if you need strong locks, replace or augment with OS-level flock()/fcntl or a centralized lock service. - Review/fix the lock cleanup & fd lifecycle code (TOCTOU and fd/unlink semantics) and add path-assertion helpers so writes are constrained to the intended workspace. - Run the included test suite in your environment (especially on Windows/CRLF and concurrent-write tests) and consider additional tests for malicious path inputs. If you are not prepared to audit or patch the library, avoid using it in environments where concurrent writers or sensitive filesystem targets exist.

Type: OpenClaw Skill Name: openclaw-interchange Version: 1.0.0 The OpenClaw Interchange skill is classified as suspicious due to several critical vulnerabilities, primarily in its file locking and path handling mechanisms. The advisory file locking in `src/lock.js` is susceptible to race conditions during stale lock cleanup and PID reuse, which can lead to broken mutual exclusion and data integrity issues. Additionally, `src/indexer.js` and `src/io.js` exhibit potential path traversal vulnerabilities if `skillName` or `filePath` inputs are not strictly sanitized, allowing writes outside the designated `INTERCHANGE_ROOT`. The `rebuildIndex` function in `src/indexer.js` also contains a race condition by bypassing the robust locking mechanism for master index updates. While there is no evidence of intentional malicious behavior like data exfiltration or backdoor installation, these vulnerabilities could be exploited to cause data corruption, denial of service, or unauthorized file modifications.