OpenClaw Command Injection Vulnerability in Contributor Update Script

Vulnerability

A command injection vulnerability has been identified in OpenClaw, a personal AI assistant, in versions from 2026.1.8 up to, but not including, 2026.2.14. The issue resides in the maintainer script 'scripts/update-clawtributors.ts', which is executed with 'bun'. It affects contributors and maintainers who run the script in a source checkout whose Git history contains a malicious commit author email, such as a crafted '@users.noreply.github.com' address. When the script runs, it derives a GitHub login from the author metadata and interpolates that login into a shell command string. Shell metacharacters in the login are therefore interpreted by the shell, allowing arbitrary command execution. Normal CLI usage is not affected: the script is not part of the distributed CLI and is not run during regular operation.
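The pattern the advisory describes, as an added illustration that is not OpenClaw's own code: a login derived from a noreply author email is spliced into a shell string, shown beside a hardened variant that validates the derived login and hands it to the process as a separate argument. The 'gh api' command, the function names and the sample addresses are assumptions constructed for this example.

```typescript
// Added illustration of the bug class in this advisory; not OpenClaw's code.
const NOREPLY_SUFFIX = "@users.noreply.github.com";
// GitHub login syntax: 1-39 alphanumerics or single hyphens, no leading/trailing hyphen.
const GITHUB_LOGIN = /^[a-z\d](?:[a-z\d]|-(?=[a-z\d])){0,38}$/i;

// Derive a login from a noreply address such as "12345+octocat@users.noreply.github.com".
// Returns null when the address is not a noreply address or the derived login is not
// syntactically valid; that check is what keeps shell metacharacters out of the pipeline.
function deriveLogin(email: string): string | null {
  if (!email.endsWith(NOREPLY_SUFFIX)) return null;
  const local = email.slice(0, -NOREPLY_SUFFIX.length);
  const plus = local.indexOf("+");
  const login = plus >= 0 ? local.slice(plus + 1) : local;
  return GITHUB_LOGIN.test(login) ? login : null;
}

// VULNERABLE pattern (what the advisory describes): unvalidated text is spliced into
// a string that a shell will parse, so any metacharacters in it become shell syntax.
// The "gh api" call is an assumed stand-in for whatever command the real script ran.
function unsafeShellCommand(rawLogin: string): string {
  return `gh api users/${rawLogin}`;
}

// HARDENED pattern: a validated login is placed in an argv array intended for
// child_process.execFile / spawn with shell disabled, so no shell ever parses it.
function safeArgv(email: string): string[] | null {
  const login = deriveLogin(email);
  return login === null ? null : ["gh", "api", `users/${login}`];
}

// Run the hardened derivation over an author list, separating accepted logins from
// rejected addresses so a maintainer can see what was skipped.
function triageAuthors(emails: string[]): { accepted: string[]; rejected: string[] } {
  const accepted: string[] = [];
  const rejected: string[] = [];
  for (const email of emails) {
    const login = deriveLogin(email);
    if (login === null) rejected.push(email);
    else accepted.push(login);
  }
  return { accepted, rejected };
}

// Constructed sample: two well-formed noreply addresses, one with a metacharacter, one non-noreply.
const SAMPLE_AUTHORS = [
  "12345+octocat@users.noreply.github.com",
  "hubot@users.noreply.github.com",
  "bad;name@users.noreply.github.com",
  "dev@example.com",
];
```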

Impact

Exploitation of this vulnerability allows for command injection, where arbitrary commands can be executed on the system running the affected script.

Reproduction

To reproduce this vulnerability, check out a version of OpenClaw between 2026.1.8 and 2026.2.13 (inclusive). Ensure that the Git commit history includes a malicious author email, such as one crafted to appear as coming from '@users.noreply.github.com'. Then run 'bun scripts/update-clawtributors.ts'. The script derives a login from that email and passes the embedded shell metacharacters to the shell, which executes them, demonstrating the command injection.

Remediation

Update to OpenClaw version 2026.2.14 or later, where this vulnerability has been patched.

Added: Feb 19, 2026, 11:24 PM
Updated: Feb 19, 2026, 11:24 PM

Vulnerability Rating

Custom Algorithm
spread          0.0
impact         10.0
exploitability  5.8
remediation     0.0
relevance       3.1
threat          4.8
urgency         2.9
incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.