Commit Graph

6 Commits

Author SHA1 Message Date
Nir Zadok
ad7cd8f44d fix(security): disable browser.evaluateEnabled by default
BREAKING CHANGE: browser.evaluateEnabled now defaults to false.

The evaluate feature allows arbitrary JavaScript execution in the browser
context via the /act endpoint (kind=evaluate) and wait --fn. This is a
powerful escape hatch for advanced automation but poses security risks:

- Prompt injection: LLM agents can be tricked into running malicious code
- Network exposure: If gateway is accessible, attackers can exfiltrate data
- Session hijacking: Code runs with access to cookies, localStorage, DOM

With this change:
- act:evaluate and wait --fn return 403 by default
- Users who need this feature can enable it explicitly:
  browser.evaluateEnabled: true

Built-in actions (click, type, screenshot, wait for text/URL, etc.) remain
fully functional and cover the vast majority of automation use cases.
2026-01-29 13:03:08 +02:00
Peter Steinberger
6d16a658e5 refactor: rename clawdbot to moltbot with legacy compat 2026-01-27 12:21:02 +00:00
Peter Steinberger
78f0bc3ec0 fix(browser): gate evaluate behind config flag 2026-01-27 05:00:39 +00:00
Peter Steinberger
b2b331230b feat: mac node exec policy + remote skills hot reload 2026-01-16 03:45:06 +00:00
Peter Steinberger
c379191f80 chore: migrate to oxlint and oxfmt
Co-authored-by: Christoph Nakazawa <christoph.pojer@gmail.com>
2026-01-14 15:02:19 +00:00
Peter Steinberger
bcbfb357be refactor(src): split oversized modules 2026-01-14 01:17:56 +00:00