OpenClaw Symlink Following Vulnerability in Skill Packaging Script

Vulnerability

In OpenClaw versions through 2026.2.17, the skill packaging script follows symlinks, so a symlink placed inside a skill directory pulls the contents of its target into the resulting .skill archive. This can disclose local files from the user's machine inside the packaged skill, but only if the script is run on a skill directory controlled by an attacker.

Impact

Exploitation of this vulnerability could cause unintentional inclusion of sensitive local files in a .skill package, which could then be distributed or used inappropriately.

Reproduction

To reproduce this vulnerability, create a local skill directory that includes symlinks to files outside the skill root, then run the 'package_skill' script from the 'skills/skill-creator/scripts' directory. The script follows the symlinks and includes the external files' contents in the resulting .skill archive.

Remediation

This vulnerability has been addressed in OpenClaw version 2026.2.18, which prevents symlink following during the packaging process. Users should update to this version.
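The following is an added example illustrating the defect and the fix described above; it is not OpenClaw's own packaging script, and the function names (package_skill_naively, package_skill_safely, collect_skill_files) and the temporary skill layout are constructed for the demonstration. The naive packer walks the directory and hands every path to zipfile, which reads through symlinks; the hardened packer refuses any symlinked file or directory and additionally checks that each resolved path stays under the skill root.

```python
import os
import tempfile
import zipfile
from pathlib import Path


class SymlinkInSkillError(Exception):
    """Raised when a skill directory contains a symlink (refused rather than followed)."""


def package_skill_naively(skill_root, out_path):
    """The 'before' behaviour (hypothetical): every listed path is written to the archive.

    zipfile.ZipFile.write reads the file behind a symlink, so a link placed inside
    the skill directory pulls the target's contents into the .skill archive.
    Returns the archive member names written.
    """
    root = Path(skill_root)
    members = []
    with zipfile.ZipFile(out_path, "w", zipfile.ZIP_DEFLATED) as zf:
        for dirpath, _, filenames in os.walk(root, followlinks=True):
            for name in filenames:
                full = Path(dirpath) / name
                rel = str(full.relative_to(root))
                zf.write(full, arcname=rel)
                members.append(rel)
    return sorted(members)


def collect_skill_files(skill_root):
    """Return (relative_path, absolute_path) pairs for regular files under skill_root.

    Symlinks are refused outright: os.walk does not descend into linked directories,
    every directory and file entry is checked with islink(), and the resolved path of
    each file must remain inside the resolved skill root (defence in depth).
    """
    root = Path(skill_root).resolve(strict=True)
    entries = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames:
            if os.path.islink(os.path.join(dirpath, name)):
                raise SymlinkInSkillError(f"symlinked directory: {os.path.join(dirpath, name)}")
        for name in filenames:
            full = Path(dirpath) / name
            if full.is_symlink():
                raise SymlinkInSkillError(f"symlinked file: {full}")
            real = full.resolve(strict=True)
            if root not in real.parents:
                raise SymlinkInSkillError(f"escapes skill root: {full}")
            entries.append((str(full.relative_to(root)), str(full)))
    return sorted(entries)


def package_skill_safely(skill_root, out_path):
    """Write a .skill (zip) archive containing only regular files from skill_root.

    Returns the archive member names written; raises SymlinkInSkillError otherwise.
    """
    entries = collect_skill_files(skill_root)
    with zipfile.ZipFile(out_path, "w", zipfile.ZIP_DEFLATED) as zf:
        for rel, full in entries:
            zf.write(full, arcname=rel)
    return [rel for rel, _ in entries]


def demo():
    """Build a constructed skill directory, add a symlink to a file outside it, and
    package it with both functions. Returns a dict describing what each one did."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        # Constructed stand-in for a sensitive file outside the skill root.
        outside = tmp / "outside_secret.txt"
        outside.write_text("not part of the skill\n")
        skill = tmp / "my-skill"
        (skill / "scripts").mkdir(parents=True)
        (skill / "SKILL.md").write_text("# constructed skill\n")
        (skill / "scripts" / "run.sh").write_text("echo hi\n")
        clean_members = package_skill_safely(skill, tmp / "clean.skill")

        # The attacker-controlled part: a symlink inside the skill pointing outside it.
        (skill / "leak.txt").symlink_to(outside)
        naive_members = package_skill_naively(skill, tmp / "naive.skill")
        with zipfile.ZipFile(tmp / "naive.skill") as zf:
            leaked = zf.read("leak.txt").decode()
        refused = False
        try:
            package_skill_safely(skill, tmp / "bad.skill")
        except SymlinkInSkillError:
            refused = True
        return {
            "clean_members": clean_members,
            "naive_members": naive_members,
            "naive_leaked": leaked,
            "safe_refused": refused,
        }


if __name__ == "__main__":
    print(demo())
```

Refusing the archive rather than silently dropping the link is the more useful behaviour for a packaging tool: a skill author learns immediately that the directory contains something that would not travel with the package, and a reviewer gets a hard failure instead of an archive that merely looks complete.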

Added: Feb 21, 2026, 10:27 AM
Updated: Feb 21, 2026, 10:27 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 5.6
remediation: 0.0
relevance: 3.3
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.