VYPR

Rtk

by Rtk AI

Source repositories

CVEs (3)

  • CVE-2026-54555Jun 23, 2026
    risk 0.00cvss epss 0.00

    rtk filters and compresses command outputs before they reach your LLM context. Prior to 0.42.2, the permission splitter did not conservatively split or reject several shell constructs that Bash treats as command execution boundaries or nested execution. As a result, a command…

  • CVE-2026-55249Jun 23, 2026
    risk 0.00cvss epss 0.00

    @rtk-ai/rtk-rewrite transparently rewrites shell commands executed via OpenClaw's exec tool to their RTK equivalents. In 1.0.0, the @rtk-ai/rtk-rewrite OpenClaw plugin passes attacker-controlled input directly into a shell-backed execSync() template string without shell-safe…

  • CVE-2026-45792May 20, 2026
    risk 0.00cvss epss 0.00

    RTK (Rust Token Killer) improperly trusts project-local configuration files. In versions prior to 0.32.0, RTK automatically loads `.rtk/filters.toml` from the working directory with highest priority and without user notification. An attacker can place a malicious filter file in…