OpenClaw: OpenShell mirror mode could delete arbitrary remote directories when roots were mis-scoped
OpenShell mirror mode accepted arbitrary absolute remote workspace roots, allowing mirror cleanup and overwrite operations to target unintended remote directories when `remoteWorkspaceDir` or `remoteAgentWorkspaceDir` was mis-scoped.
extensions/openshell/src/config.ts
The fix adds managed-root checks for `remoteWorkspaceDir` and `remoteAgentWorkspaceDir`. In the vulnerable revision, config resolution appears to accept any absolute remote path and return it for later mirror-sync use.
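One way to write a managed-root check of the kind described above, as an added example that is not OpenClaw's own code. The root list `/sandbox` and `/agent` and the helper names `normalizeRemotePath`, `checkManagedRoot` and `checkMirrorConfig` are assumptions made for illustration; the advisory does not name the managed roots.

```typescript
// Added example, not OpenClaw code. MANAGED_ROOTS is an assumed value:
// the advisory does not say which roots the fix treats as managed.
const MANAGED_ROOTS: string[] = ["/sandbox", "/agent"];

interface RootCheck { ok: boolean; path?: string; reason?: string }

// Lexically normalize an absolute POSIX path. The path lives on the remote
// host, so nothing here touches the local filesystem or resolves symlinks.
function normalizeRemotePath(input: string): string | null {
  if (!input.startsWith("/") || input.includes("\0")) return null;
  const out: string[] = [];
  for (const seg of input.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") {
      if (out.length === 0) return null; // would climb above "/"
      out.pop();
      continue;
    }
    out.push(seg);
  }
  return "/" + out.join("/");
}

// Accept a value only if it normalizes to a managed root or a descendant.
function checkManagedRoot(key: string, value: string, roots: string[] = MANAGED_ROOTS): RootCheck {
  const path = normalizeRemotePath(value);
  if (path === null) return { ok: false, reason: `${key}: not a clean absolute path` };
  // Compare on a segment boundary: "/sandbox-old" must not match "/sandbox".
  const inside = roots.some((root) => path === root || path.startsWith(root + "/"));
  return inside ? { ok: true, path } : { ok: false, reason: `${key}: ${path} is outside managed roots` };
}

// Validate both mirror-mode settings before any sync code sees them.
function checkMirrorConfig(cfg: Record<string, string>): string[] {
  return ["remoteWorkspaceDir", "remoteAgentWorkspaceDir"]
    .map((key) => checkManagedRoot(key, cfg[key] ?? ""))
    .filter((r) => !r.ok)
    .map((r) => r.reason ?? "");
}

// Constructed sample config: the second value escapes via "..".
console.log(checkMirrorConfig({
  remoteWorkspaceDir: "/sandbox/project",
  remoteAgentWorkspaceDir: "/agent/../home",
}));
```

The check is purely lexical, so a symlink on the remote host that points outside a managed root is not caught by it and needs a separate control on the remote side.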
extensions/openshell/src/backend.ts
The advisory says mirror mode uses the configured remote workspace paths as targets for remote cleanup and overwrite operations, so the backend mirror-sync implementation is the likely consumer of the vulnerable config values.