[Phase 1.2.3] Replace os.system() with subprocess.run()

## Phase
`Phase 1 — Critical Security` | Track 1.2 — Execution Controls | Priority: **P1 MEDIUM**

## Vulnerability Details
**File:** `operator_use/agent/tools/builtin/control_center.py:128`
**CWE:** [CWE-78](https://cwe.mitre.org/data/definitions/78.html)

\`os.system()\` spawns a shell and is vulnerable to injection. Replace with \`subprocess.run()\`.

## Fix
\`\`\`python
# Before
os.system("cls" if os.name == "nt" else "clear")

# After
subprocess.run(["cls" if os.name == "nt" else "clear"], shell=False, check=False)
\`\`\`

## Acceptance Criteria
- [ ] All \`os.system()\` calls replaced with \`subprocess.run()\`
- [ ] No shell=True anywhere
- [ ] Bandit scan passes (no B605/B607 warnings)

## References
- [CWE-78](https://cwe.mitre.org/data/definitions/78.html)
- [Bandit B605](https://bandit.readthedocs.io/en/latest/plugins/b605_start_process_with_a_shell.html)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Phase 1.2.3] Replace os.system() with subprocess.run() #19

Phase

Vulnerability Details

Fix

Before

After

Acceptance Criteria

References

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[Phase 1.2.3] Replace os.system() with subprocess.run() #19

Description

Phase

Vulnerability Details

Fix

Before

After

Acceptance Criteria

References

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions