crewAI/lib/cli
Rip&Tear fac3e3579b Fix symlink path traversal in skill archive extraction (#6235)
* Fix symlink path traversal in skill archive extraction

`_safe_extractall` (the Python < 3.12 fallback used by `crewai skills`
archive unpacking) validated each member's *name* against the destination
but never validated symlink/hardlink *targets*. A malicious skill tarball
could plant a symlink escaping the destination (e.g. `link -> /home/user/.ssh`)
followed by a regular member written through it (`link/authorized_keys`),
escaping `dest` even though every member name resolves inside it — the
classic symlink-extraction traversal.

The 3.12+ path (`extractall(..., filter="data")`) already blocks this; the
fallback now mirrors it by rejecting absolute link targets and any link
target that resolves outside the destination directory.

Adds regression tests covering absolute and relative escaping symlinks plus
benign in-tree symlinks and ordinary archives.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* Harden skill cache archive extraction

* Reject special skill archive members

---------

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-24 08:50:41 -07:00
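The check the commit message above describes, written out as an added example: this is not crewAI's own `_safe_extractall`, and the names `validate_members`, `safe_extractall`, `UnsafeArchiveMember`, `build_archive` and the sample archives are all assumptions constructed for the illustration. It validates each member's name and, for symlinks and hardlinks, the link target against the destination before anything is written, mirrors the `filter="data"` behaviour where the stdlib provides it, and rejects special members (devices, FIFOs) as the follow-up commits do.

```python
"""Safe tar extraction for skill archives: reject member names and link
targets that escape the destination. Added example, not crewAI's code."""
import io
import os
import tarfile
import tempfile
from typing import Optional


class UnsafeArchiveMember(ValueError):
    """Raised when an archive member could write outside the destination."""


def _inside(dest: str, path: str) -> bool:
    # Lexical containment check: collapse '..' segments without touching the
    # filesystem, so the verdict does not depend on what was extracted earlier.
    dest = os.path.normpath(dest)
    path = os.path.normpath(path)
    return path == dest or path.startswith(dest + os.sep)


def validate_members(tar: tarfile.TarFile, dest: str) -> None:
    """Pre-flight check for the Python < 3.12 fallback (no 'data' filter).

    Rejects names outside dest, absolute link targets, relative link targets
    that resolve outside dest, and anything that is not a file, dir or link.
    """
    dest = os.path.abspath(dest)
    for m in tar.getmembers():
        target = os.path.join(dest, m.name)
        if os.path.isabs(m.name) or not _inside(dest, target):
            raise UnsafeArchiveMember(f"name escapes destination: {m.name!r}")
        if m.issym() or m.islnk():
            if os.path.isabs(m.linkname):
                raise UnsafeArchiveMember(
                    f"absolute link target: {m.name!r} -> {m.linkname!r}")
            # A symlink target is relative to the link's own directory;
            # a hardlink target is relative to the archive root.
            base = os.path.dirname(target) if m.issym() else dest
            if not _inside(dest, os.path.join(base, m.linkname)):
                raise UnsafeArchiveMember(
                    f"link target escapes destination: {m.name!r} -> {m.linkname!r}")
        elif not (m.isfile() or m.isdir()):
            raise UnsafeArchiveMember(f"special member rejected: {m.name!r}")


def safe_extractall(data: bytes, dest: str) -> list[str]:
    """Extract a tar archive (as bytes) into dest; returns the member names."""
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        if hasattr(tarfile, "data_filter"):
            # Python 3.12+ (and backports): the stdlib 'data' filter does
            # the same name and link-target checks for us.
            try:
                tar.extractall(dest, filter="data")
            except tarfile.FilterError as e:
                raise UnsafeArchiveMember(str(e)) from e
        else:
            # Fallback: validate every member first, then extract.
            validate_members(tar, dest)
            tar.extractall(dest)
        return [m.name for m in tar.getmembers()]


def build_archive(members) -> bytes:
    """Construct an in-memory tar (constructed test data, not a real skill).
    Each entry is (name, link_target, content); a link_target makes a symlink."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, link_target, content in members:
            info = tarfile.TarInfo(name)
            if link_target is not None:
                info.type = tarfile.SYMTYPE
                info.linkname = link_target
                tar.addfile(info)
            else:
                info.size = len(content)
                tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()


# Constructed sample archives (shapes taken from the commit description).
BENIGN = build_archive([("SKILL.md", None, b"# skill\n"),
                        ("README", "SKILL.md", b"")])          # in-tree symlink
ABS_LINK = build_archive([("link", "/home/user/.ssh", b""),
                          ("link/authorized_keys", None, b"ssh-ed25519 AAAA\n")])
REL_LINK = build_archive([("link", "../../outside", b""),
                          ("link/file", None, b"x")])
NAME_TRAVERSAL = build_archive([("../escape.txt", None, b"x")])


def fallback_rejects(data: bytes) -> bool:
    """Run only the pre-flight validator (the < 3.12 path); dest need not exist."""
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        try:
            validate_members(tar, "/tmp/skill-dest")
        except UnsafeArchiveMember:
            return True
    return False


def try_extract(data: bytes) -> Optional[str]:
    """Extract into a fresh temp dir; None on success, else the rejection reason."""
    with tempfile.TemporaryDirectory() as tmp:
        dest = os.path.join(tmp, "skill")
        os.mkdir(dest)
        try:
            safe_extractall(data, dest)
        except UnsafeArchiveMember as e:
            return str(e)
        return None


if __name__ == "__main__":
    for label, archive in [("benign", BENIGN), ("abs link", ABS_LINK),
                           ("rel link", REL_LINK), ("name traversal", NAME_TRAVERSAL)]:
        print(f"{label:15} -> {try_extract(archive) or 'extracted'}")
```

The validator is deliberately lexical: it does not call `realpath` on the member paths, because at check time earlier members may or may not already be on disk, and a containment verdict that depends on extraction order is exactly what the original bug exploited. Rejecting escaping links up front means a later regular member written through an in-tree link still lands inside `dest`.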

crewai-cli

CLI for CrewAI — scaffold, run, deploy and manage AI agent crews without installing the full framework.

Installation

pip install crewai-cli

This pulls in crewai-core (shared utilities) but not the crewai framework itself, so commands that don't need a crew loaded — crewai version, crewai login, crewai org list, crewai config *, crewai traces *, crewai create, crewai template * — work standalone.

Commands that load a user's crew or flow (crewai run, crewai train, crewai test, crewai chat, crewai replay, crewai reset-memories, crewai deploy push, crewai tool publish) require crewai to be installed in the project's environment. They print a clear error if it is missing.

To install both at once:

pip install crewai[cli]