| Titel | openclaw OpenClaw 2026.2.19-2 Code Injection |
|---|
| Beschreibung | Summary
applySkillConfigEnvOverrides previously copied skills.entries.*.env values into the host process.env without applying the host env safety policy.
Impact
In affected versions, dangerous process-level variables such as NODE_OPTIONS could be injected when unset, which can influence runtime/child-process behavior.
Required attacker capability
An attacker must be able to modify OpenClaw local state/config (for example ~/.openclaw/openclaw.json) to set skills.entries.<skill>.env or related skill config values.
Severity rationale
Per SECURITY.md, anyone who can modify ~/.openclaw config is already a trusted operator, and mutually untrusted operators sharing one host/config are out of scope. Because exploitation requires trusted-config write access in the documented model, this is classified as a medium defense-in-depth issue rather than a cross-boundary critical break.
Remediation
Fixed in 2026.2.21 by sanitizing skill env overrides and blocking dangerous host env keys (including NODE_OPTIONS) before applying overrides, with regression tests covering blocked dangerous keys. |
|---|
| Quelle | ⚠️ https://github.com/openclaw/openclaw/security/advisories/GHSA-82g8-464f-2mv7 |
|---|
| Benutzer | nedlir (UID 95981) |
|---|
| Einreichung | 28.02.2026 11:34 (vor 1 Monat) |
|---|
| Moderieren | 12.03.2026 07:46 (12 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 350651 [OpenClaw 2026.2.19-2 Skill Env applySkillConfigenvOverrides erweiterte Rechte] |
|---|
| Punkte | 20 |
|---|