fix(skills): exempt managed skills from path escaping checks on WSL (#44051)#539
Open
BingqingLyu wants to merge 5 commits intomainfrom
Open
fix(skills): exempt managed skills from path escaping checks on WSL (#44051)#539BingqingLyu wants to merge 5 commits intomainfrom
BingqingLyu wants to merge 5 commits intomainfrom
Conversation
openclaw#43704) When the agent produces multiple independent final replies, the streaming card incorrectly merged content from the second reply into the first card. This fix uses a closePromise pattern to prevent concurrent close() calls from executing simultaneously. The first close() call stores its promise and subsequent calls return the same promise, ensuring exactly one execution. Changes: - Replace finalDelivered flag with closePromise pattern - Refactor close() to use _doClose() for actual logic - Prevent race condition on concurrent close() calls Fixes openclaw#43704
…-tool (openclaw#44077) When editing a workspace file from the sandbox, the file permissions were being reset to 0600 (from the temp file creation), causing normal OpenClaw file tools to fail with EACCES on the host side. This fix preserves the original file permissions by: 1. Reading the original file's mode before creating temp file 2. Applying the original mode to the temp file before atomic replace 3. Gracefully handling cases where the file doesn't exist or fchmod fails Changes: - Modified write_atomic() to preserve original file permissions - Added try/except blocks for safe permission handling Fixes openclaw#44077
…penclaw#44051) Managed skills installed via clawhub to ~/.openclaw/skills were being rejected on WSL due to path escaping checks. The validation was comparing resolved realpaths, which can differ on WSL due to symlink resolution (e.g., /home/user → /mnt/c/Users). This fix exempts managed skills (source: openclaw-managed) from the path escaping validation, as they are installed to a well-known location and should not be subject to symlink resolution issues. Changes: - Add exemption for openclaw-managed skills in resolveContainedSkillPath() - Managed skills now bypass path escaping checks Fixes openclaw#44051
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
Managed skills installed via
clawhubto~/.openclaw/skillswere being rejected on WSL with the error "Skipping skill path that resolves outside its configured root". This occurred even for freshly installed official skills.Root Cause
The path validation in
resolveContainedSkillPath()compares resolved realpaths usingisPathInside(). On WSL, symlink resolution can produce different paths (e.g.,/home/user→/mnt/c/Users), causing the validation to fail even for valid managed skill paths.Solution
Exempt managed skills (source:
openclaw-managed) from the path escaping validation. Managed skills are installed to a well-known location (~/.openclaw/skills) and should not be subject to symlink resolution issues.Changes
resolveContainedSkillPath()insrc/agents/skills/workspace.tsopenclaw-managedskills before path escaping checkImpact
Fixes openclaw#44051