- SSRF protection in media fetch: block private IPs, localhost, link-local
addresses using ipaddr.js; manually follow redirects to validate each hop
- Path traversal protection in web media: allowlist ~/.clawdbot and tmpdir,
follow symlinks to prevent escape attacks
- Shell injection fix in CLI credentials: use spawnSync with argument arrays
instead of execSync with string interpolation
- Rate limiting for gateway auth: 5 failures = 1 minute lockout, prevents
brute-force attacks
- Tailscale auth failure tracking: record failures for whois mismatches
- Logger permissions: set 0o700 on log directory, warn if chmod fails
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
