OpenClaw Code Injection Vulnerability in Skill Environment Handler

A code injection vulnerability has been identified in OpenClaw version 2026.2.19-2. The issue arises in the 'applySkillConfigEnvOverrides' function within the Skill Environment Handler component. This vulnerability allows for the injection of harmful code by manipulating environment variables related to skills, which can then be executed in the application's runtime. The vulnerability can be exploited remotely, but requires access to modify OpenClaw's local configuration.

Impact

Exploitation of this vulnerability allows for the injection of dangerous process-level variables, such as 'NODE_OPTIONS', into the application's environment. This could potentially alter the behavior of the application or its child processes, leading to unauthorized code execution or other malicious actions.

Reproduction

To reproduce this vulnerability, first upload a skill that includes environment variable configurations. Ensure that the skill's metadata requires specific environment variables, such as 'OPENAI_API_KEY' or 'NODE_OPTIONS'. When the skill is applied, the 'applySkillEnvOverrides' function will transfer the declared environment variables into the host's process environment without proper safety checks. This oversight can be exploited to inject harmful variables that could manipulate the application's runtime or child processes.

Remediation

Users are advised to upgrade to OpenClaw version 2026.2.21-beta.1, which addresses this vulnerability by sanitizing skill environment overrides and blocking the injection of harmful host environment keys, including 'NODE_OPTIONS'.