Paperclip: Malicious skills able to exfiltrate and destroy all user data
- Severity:
- High
Description
An arbitrary code execution vulnerability in the workspace runtime service allows any agent to execute shell commands on the server, exposing all environment variables including API keys, JWT secrets, and database credentials.
Recommendation
Update the @paperclipai/server package to the latest compatible version. Followings are version details:
- Affected version(s): < 2026.416.0
- Patched version(s): 2026.416.0
References
Related Issues
- Paperclip: Unauthenticated Access to Multiple API Endpoints in Authenticated Mode - Vulnerability
- Paperclip: codex_local inherited ChatGPT/OpenAI-connected Gmail and was able to send real email - Vulnerability
- Paperclip: OS Command Injection via Execution Workspace cleanupCommand - Vulnerability
- Paperclip: Cross-tenant agent API token minting via missing assertCompanyAccess on /api/agents/:id/keys - Vulnerability
You might also like:
- Tags:
- npm
- @paperclipai/server
Anything's wrong? Let us know Last updated on April 16, 2026


