GitHub

Unauthenticated arbitrary S3 object write via unsanitized fileName in generate-upload-url ...

The default file-input block has allowedFileTypes disabled, so the check is skipped entirely; even when enabled, the attacker simply declares an allowed MIME (fileType) while uploading an .html body ...
GitHub

Sehab121/awesome-openclaw-skills-CN

Discover and access 2,868 categorized OpenClaw skills with Chinese support, easing development without language barriers or complex setup. - Sehab121/awesome-openclaw-skills-CN ...