| Field | Value |
|---|---|
| Title | openclaw OpenClaw 2026.2.19-2 Code Injection |
| Source | https://github.com/openclaw/openclaw/security/advisories/GHSA-82g8-464f-2mv7 |
| User | nedlir (UID 95981) |
| Submitted | 28/02/2026 11:34 AM (2 months ago) |
| Moderation | 12/03/2026 07:46 AM (12 days later) |
| Status | Approved |
| VulDB Entry | 350651 [OpenClaw 2026.2.19-2 Skill Env applySkillConfigenvOverrides Privilege Escalation] |
| Points | 20 |

Description

Summary
applySkillConfigEnvOverrides previously copied skills.entries.*.env values into the host process.env without applying the host env safety policy.

Impact
In affected versions, dangerous process-level variables such as NODE_OPTIONS could be injected when not already set in the host environment, which can influence runtime and child-process behavior.

Required attacker capability
An attacker must be able to modify OpenClaw local state/config (for example ~/.openclaw/openclaw.json) to set skills.entries.<skill>.env or related skill config values.

Severity rationale
Per SECURITY.md, anyone who can modify ~/.openclaw config is already a trusted operator, and mutually untrusted operators sharing one host/config are out of scope. Because exploitation requires trusted-config write access in the documented model, this is classified as a medium defense-in-depth issue rather than a cross-boundary critical break.

Remediation
Fixed in 2026.2.21 by sanitizing skill env overrides and blocking dangerous host env keys (including NODE_OPTIONS) before applying overrides, with regression tests covering blocked dangerous keys.
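The defect and the fix described above, as an added JavaScript example that is not OpenClaw's code: the unguarded copy loop beside a hardened version that applies a host env safety policy before writing to the host env. The function names, the blocklist entries other than NODE_OPTIONS, and the sample skill config are assumptions made for this illustration.

```javascript
// Host env keys a skill config may never set. The advisory names NODE_OPTIONS;
// the other entries are an assumed policy for this example, not OpenClaw's list.
const BLOCKED_HOST_ENV_KEYS = new Set([
  'NODE_OPTIONS', 'NODE_EXTRA_CA_CERTS', 'LD_PRELOAD', 'LD_LIBRARY_PATH',
]);

// Conventional env variable names only (no spaces, '=' or other odd chars).
const ENV_KEY_RE = /^[A-Za-z_][A-Za-z0-9_]*$/;

// Shape of the defect the advisory describes: every skills.entries.*.env key
// is copied into the host env when unset, including process-level ones.
function applySkillEnvUnsafe(skillEnv, hostEnv) {
  for (const [key, value] of Object.entries(skillEnv)) {
    if (hostEnv[key] === undefined) hostEnv[key] = String(value);
  }
  return hostEnv;
}

// Hardened shape: enforce the host env safety policy before touching hostEnv.
// Returns applied/blocked key lists so the caller can log blocked overrides.
function applySkillEnvSafe(skillEnv, hostEnv) {
  const applied = [];
  const blocked = [];
  for (const [key, value] of Object.entries(skillEnv)) {
    // Compare case-insensitively: Windows env names are case-insensitive.
    const dangerous = BLOCKED_HOST_ENV_KEYS.has(key.toUpperCase());
    if (dangerous || !ENV_KEY_RE.test(key) || typeof value !== 'string') {
      blocked.push(key);
      continue;
    }
    if (hostEnv[key] === undefined) {
      hostEnv[key] = value;
      applied.push(key);
    }
  }
  return { applied, blocked };
}

// Constructed sample skill env (not from a real config). The unsafe path
// lets NODE_OPTIONS through; the safe path blocks it and the malformed key.
const sampleSkillEnv = {
  MY_SKILL_DATA_DIR: '/tmp/skill-data',
  NODE_OPTIONS: '--max-old-space-size=64',
  'BAD KEY': 'x',
};

// Work on a copy so the example never mutates the real process.env.
const hostCopy = { PATH: '/usr/bin' };
console.log(applySkillEnvSafe(sampleSkillEnv, hostCopy));
// → { applied: [ 'MY_SKILL_DATA_DIR' ], blocked: [ 'NODE_OPTIONS', 'BAD KEY' ] }
```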