OpenClaw Approval Integrity Vulnerability in pnpm dlx Local Script Binding
Vulnerability
A vulnerability exists in OpenClaw versions prior to 2026.4.2 in its handling of the pnpm dlx command. OpenClaw does not consistently bind local script operands the way it does for pnpm exec workflows, which permits an approval integrity bypass: an attacker can replace an approved local script with a modified version before it executes without invalidating the approval plan. The altered script contents then run under the original approval.
Impact
Exploitation of this vulnerability could cause modified script contents to execute under the guise of an approved script, bypassing the intended approval mechanism.
Reproduction
To reproduce this vulnerability, first approve a local script through the 'pnpm dlx' command. After approval, replace the original script with a modified version. When the 'pnpm dlx' command is executed again, the modified script runs even though the approval plan is still considered valid. A regression test can automate this by replacing the script and asserting that the modified contents execute.
Remediation
Users can update to OpenClaw version 2026.4.2 or later to address this vulnerability.