| Title | openclaw OpenClaw 2026.2.19-2 Code Injection |
|---|
| Description | Summary
applySkillConfigEnvOverrides previously copied skills.entries.*.env values into the host process.env without applying the host env safety policy.
Impact
In affected versions, dangerous process-level variables such as NODE_OPTIONS could be injected when unset, which can influence runtime/child-process behavior.
Required attacker capability
An attacker must be able to modify OpenClaw local state/config (for example ~/.openclaw/openclaw.json) to set skills.entries.<skill>.env or related skill config values.
Severity rationale
Per SECURITY.md, anyone who can modify ~/.openclaw config is already a trusted operator, and mutually untrusted operators sharing one host/config are out of scope. Because exploitation requires trusted-config write access in the documented model, this is classified as a medium defense-in-depth issue rather than a cross-boundary critical break.
Remediation
Fixed in 2026.2.21 by sanitizing skill env overrides and blocking dangerous host env keys (including NODE_OPTIONS) before applying overrides, with regression tests covering blocked dangerous keys. |
|---|
| Source | ⚠️ https://github.com/openclaw/openclaw/security/advisories/GHSA-82g8-464f-2mv7 |
|---|
| User | nedlir (UID 95981) |
|---|
| Submission | 02/28/2026 11:34 (1 month ago) |
|---|
| Moderation | 03/12/2026 07:46 (12 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 350651 [OpenClaw 2026.2.19-2 Skill Env applySkillConfigenvOverrides code injection] |
|---|
| Points | 20 |
|---|