| Título | openclaw OpenClaw 2026.2.19-2 Code Injection |
|---|
| Descrição | Summary
applySkillConfigEnvOverrides previously copied skills.entries.*.env values into the host process.env without applying the host env safety policy.
Impact
In affected versions, dangerous process-level variables such as NODE_OPTIONS could be injected when unset, which can influence runtime/child-process behavior.
Required attacker capability
An attacker must be able to modify OpenClaw local state/config (for example ~/.openclaw/openclaw.json) to set skills.entries.<skill>.env or related skill config values.
Severity rationale
Per SECURITY.md, anyone who can modify ~/.openclaw config is already a trusted operator, and mutually untrusted operators sharing one host/config are out of scope. Because exploitation requires trusted-config write access in the documented model, this is classified as a medium defense-in-depth issue rather than a cross-boundary critical break.
Remediation
Fixed in 2026.2.21 by sanitizing skill env overrides and blocking dangerous host env keys (including NODE_OPTIONS) before applying overrides, with regression tests covering blocked dangerous keys. |
|---|
| Fonte | ⚠️ https://github.com/openclaw/openclaw/security/advisories/GHSA-82g8-464f-2mv7 |
|---|
| Utilizador | nedlir (UID 95981) |
|---|
| Submissão | 28/02/2026 11h34 (há 2 meses) |
|---|
| Moderação | 12/03/2026 07h46 (12 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 350651 [OpenClaw 2026.2.19-2 Skill Env applySkillConfigenvOverrides Elevação de Privilégios] |
|---|
| Pontos | 20 |
|---|