## MEDIUM: Nemoclaw.js `deploy()` Function Exposes Shell Injection via Unvalidated `instanceName`
A security flaw in the Nemoclaw.js command-line tool exposes its `deploy()` function to potential OS command injection. The vulnerability stems from the `instanceName` parameter, which is passed directly from `process.argv` into eight separate shell commands without validation or escaping. This user-controlled input is interpolated into commands on lines 130, 140, 152, 153, 162, 166, 170, and 176 of the `bin/nemoclaw.js` file, creating a direct path for shell metacharacter execution.

The issue is classified as CWE-78 (OS Command Injection) with a Medium severity rating. The risk is specifically tied to operator-controlled input, as the `instanceName` is sourced from command-line arguments (line 402: `const [cmd, ...args] = process.argv.slice(2)` and dispatched at line 417: `deploy(args[0])`). Notably, the codebase already contains a `shellQuote()` utility function defined on line 31, but it is not utilized for sanitizing this input, representing a clear oversight in the implementation's security posture.

While the severity is rated Medium and not Critical, this remains a significant defense-in-depth failure. The primary mitigating factor is that exploitation requires a malicious or compromised operator with direct access to run the tool, as `process.argv` is not a remotely exploitable vector. However, the presence of this unmitigated injection path increases the attack surface for privilege escalation or lateral movement within an environment where the tool is used, especially in automated or scripted deployment scenarios. The active status of this issue indicates it has not yet been patched.
---
- **Source**: GitHub Issues
- **Sector**: The Lab
- **Tags**: security, vulnerability, command-injection, javascript, devops
- **Credibility**: unverified
- **Published**: 2026-04-20 22:23:02
- **ID**: 73131
- **URL**: https://whisperx.ai/en/intel/73131