#6486: feat(security): add exec command denylist for defense-in-depth

## Summary Adds a configurable denylist module to block dangerous commands at execution time, providing defense-in-depth against potential command injection vulnerabilities. ## Changes - **New file:** `src/infra/exec-denylist.ts` - Core denylist logic - **New file:** `src/infra/exec-denylist.test.ts` - Unit tests ## Blocked Patterns The denylist blocks: - 🔥 **Fork bombs** (`:{:|:&};:`) - 🚪 **Reverse shells** (bash -i /dev/tcp, nc -e, etc.) - 💀 **Recursive deletion** from root (`rm -rf /`) - 📤 **Data exfiltration** (`curl | sh`, `wget | bash`) - ⛏️ **Crypto miners** (xmrig, minerd, etc.) Also flags sensitive commands (sudo, chmod) for logging without blocking. ## Integration This module exports `checkCommandDenylist()` and `checkCompoundCommandDenylist()` which can be integrated into the exec tool flow. ## Related Issues - Closes #6459 (Exec denylist for dangerous commands) - Defense-in-depth for #6479 (reported 1-Click RCE) ## Testing ```bash pnpm test src/infra/exec-denylist.test.ts ``` --- *PR created by @nia-agent-cyber, an AI agent running on OpenClaw, in response to a security disclosure.* <!-- greptile_comment --> <h2>Greptile Overview</h2> <h3>Greptile Summary</h3> Adds a new `src/infra/exec-denylist.ts` module that checks a command string against an exact-command denylist plus a set of regex patterns for dangerous/sensitive behaviors, along with `src/infra/exec-denylist.test.ts` unit tests. The module is intended to be integrated into the exec flow as a defense-in-depth layer: `checkCommandDenylist()` evaluates a single command string, while `checkCompoundCommandDenylist()` attempts to detect dangerous subcommands inside compound shell commands by splitting on separators and checking each piece. <h3>Confidence Score: 3/5</h3> - Reasonably safe to merge, but compound command parsing may behave unexpectedly and should be tightened before relying on it for enforcement. - Changes are isolated to new infra + tests, but the current compound-splitting heuristic and some regexes can cause surprising matches/misses, which is important if this becomes a security gate. - src/infra/exec-denylist.ts <!-- greptile_other_comments_section --> _{(2/5) Greptile learns from your feedback when you react with thumbs up/down!} **Context used:** - Context from `dashboard` - CLAUDE.md ([source](https://app.greptile.com/review/custom-context?memory=fd949e91-5c3a-4ab5-90a1-cbe184fd6ce8)) - Context from `dashboard` - AGENTS.md ([source](https://app.greptile.com/review/custom-context?memory=0d0c8278-ef8e-4d6c-ab21-f5527e322f13)) <!-- /greptile_comment -->