sneak/AutistMask
1
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

security: fix high-severity findings from audit (closes #6) #7

Merged
sneak merged 8 commits from fix/high-severity-security into main 2026-02-27 20:56:43 +01:00
Conversation 1 Commits 8 Files Changed 6 +85 -12

8 Commits

Author SHA1 Message Date
Jeffrey Paul
b01df0639b Merge branch 'main' into fix/high-severity-security
All checks were successful
check / check (push) Successful in 21s
Details
2026-02-27 20:56:09 +01:00
clawbot
eec96f9054 security: clear decrypted secrets after use (best-effort)
All checks were successful
check / check (push) Successful in 21s
Details
2026-02-27 11:36:56 -08:00
clawbot
f13cd0fd47 security: add TODO comments for password plaintext over runtime.sendMessage 2026-02-27 11:36:19 -08:00
clawbot
b478d9efa9 security: validate sender URL for popup-only messages 2026-02-27 11:35:42 -08:00
clawbot
d59ebfd461 security: derive RPC origin from sender instead of trusting msg.origin 2026-02-27 11:35:31 -08:00
clawbot
13e2bdb0b0 security: add prominent danger warning for eth_sign requests 2026-02-27 11:35:21 -08:00
clawbot
95314ff229 security: replace predictable sequential approval IDs with crypto.randomUUID() 2026-02-27 11:34:48 -08:00
clawbot
1237cf8491 security: increase minimum password length from 8 to 12 characters 2026-02-27 11:34:32 -08:00