nyldn/claude-octopus v9.7.3 on GitHub

local outside function — octopus-statusline.sh and scheduler-security-gate.sh used local at script scope, aborting under set -e. Broke bash statusline fallback and silently bypassed scheduler file path restrictions.
Atomic credential writes — writeBackCredentials uses temp + renameSync with mode: 0o600 to prevent concurrent session clobber of ~/.claude/.credentials.json.
Atomic cache writes — writeUsageCache uses temp + renameSync to prevent torn JSON.
Python injection — Bridge path in context-awareness.sh now passed via os.environ instead of string interpolation into python3 -c.
Unsafe /tmp glob removed — No longer falls back to ls -t /tmp/octopus-ctx-*.json. Exits cleanly when session ID is unset.
5 additional timeout guards — plan-mode-interceptor.sh, scheduler-security-gate.sh, sysadmin-safety-gate.sh, telemetry-webhook.sh, agent-teams-phase-gate.sh. Total: 10 hooks hardened.
HUD stdin timeout — readStdin() uses Promise.race with 5s guard.
contextBar clamp — Prevents RangeError on pct > 100.
Bridge file permissions — Written with umask 0177 (owner-only).

Full changelog: https://github.com/nyldn/claude-octopus/blob/main/CHANGELOG.md

To update: /plugin update octo@nyldn-plugins

nyldn/claude-octopus v9.7.3 v9.7.3 — Security hardening on GitHub