What happened
NVD published a medium-severity (CVSS 5.3) incomplete-blacklist vulnerability in SafestClaw's shell command validation logic used to guard AI-agent-initiated shell actions.
Why it matters
SafestClaw's name implies it is meant to safely constrain agent shell access; an incomplete blacklist in its core validation function undermines the tool's core safety guarantee for any AI agent using it to execute shell commands.
Attack vector
The ShellAction._validate_command function in src/safestclaw/actions/shell.py, part of the Built-in Web Interface component, relies on an incomplete blacklist to restrict shell commands, allowing an attacker with local/adjacent access to craft commands that evade the filter.
Affected systems
princezuda SafestClaw up to 4.2.4
Mitigation
No official patch confirmed at disclosure time; replace blacklist-based command filtering with an allowlist approach.