This repository was archived by the owner on Nov 7, 2025. It is now read-only.

[Security Alert] Your plugin astrbot_plugin_knowledge_base has been delisted #44

@lxfight
  ## AstrBot Plugin Security Alert

  Hello @lxfight,

  Your plugin **astrbot_plugin_knowledge_base** (version v0.5.7) has been automatically delisted from the AstrBot Trusted Marketplace due to a potential security issue found during our automated audit.

  **Reason:**
  ```
  The plugin allows adding a file from a user-provided 'path_or_url'. This functionality is susceptible to Path Traversal vulnerabilities, potentially allowing users to read arbitrary files from the server's file system, and Server-Side Request Forgery (SSRF) by providing internal network URLs.
  ```

  Please review the findings and push an updated version. The new version will be automatically re-audited.

  Thank you,
  The AstrBot Team
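
One way to gate a user-supplied `path_or_url` against both findings named in the alert. This is an added example, not code from the plugin or from the AstrBot audit. `classify_source`, `resolve_host` and `ALLOWED_ROOT` are hypothetical names, and the upload directory is an assumed value:

```python
import ipaddress
import socket
from pathlib import Path
from urllib.parse import urlsplit

# Assumption: the single directory local documents may be read from.
ALLOWED_ROOT = Path("/srv/astrbot/uploads")


def resolve_host(host):
    """Return every IP address (as strings) that `host` resolves to."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def classify_source(path_or_url, root=ALLOWED_ROOT, resolver=resolve_host):
    """Hypothetical gate: return ("url", str) or ("file", Path), else raise ValueError."""
    parts = urlsplit(path_or_url)

    if parts.scheme in ("http", "https"):
        if not parts.hostname:
            raise ValueError("URL has no host")
        # SSRF: refuse if any resolved address is loopback, private,
        # link-local (cloud metadata) or otherwise not publicly routable.
        for addr in resolver(parts.hostname):
            ip = ipaddress.ip_address(addr.split("%")[0])  # drop IPv6 zone id
            if not ip.is_global:
                raise ValueError(f"{parts.hostname} resolves to non-public {ip}")
        return ("url", path_or_url)

    if parts.scheme:
        # file://, ftp://, gopher:// and similar are never accepted.
        raise ValueError(f"scheme {parts.scheme!r} is not allowed")

    # Path traversal: resolve '..' and symlinks, then require the result to
    # stay under the allowed root. An absolute input replaces `root` in the
    # join, so "/etc/passwd" fails the same containment check.
    base = root.resolve()
    candidate = (base / path_or_url).resolve()
    if not candidate.is_relative_to(base):  # Python 3.9+
        raise ValueError("path escapes the allowed directory")
    return ("file", candidate)
```

The address check only covers the name as resolved at validation time. The fetch that follows should connect to the validated address and re-run the check on every redirect target.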
