OpenClaw Shell-Wrapper Detection Bypass via Environment Variable Assignment Injection Vulnerability
Vulnerability
OpenClaw versions from 2026.2.22 up to, but not including, 2026.4.12 allow attackers to inject environment variable assignments at the argv level. Such an injection can bypass the execution preflight handling and set high-risk shell variables such as SHELLOPTS and PS4. The root cause is inadequate detection of shell-wrapper invocations, specifically in how environment assignments appearing within the command arguments are handled.
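The weakness described above is a preflight check that classifies a command by looking only at the first argv token, so a leading `NAME=value` assignment hides the shell that follows it. The following is an added illustration written for this advisory; it is not OpenClaw's code and does not reproduce its actual preflight logic. The wrapper name list, the `naivePreflight` / `hardenedPreflight` / `preflightDecision` names, and the sample argv vectors are all constructed for the example; the high-risk variable list contains only the two names the advisory itself mentions.

```javascript
// Added example: a shell-wrapper preflight that is blind to argv-level
// environment assignments, beside a hardened version that is not.
// Not OpenClaw's code; all names and lists here are illustrative assumptions.

// Illustrative set of shell wrappers a preflight would want to recognise.
const SHELL_WRAPPERS = new Set(["sh", "bash", "zsh", "dash", "cmd", "cmd.exe", "powershell", "pwsh"]);

// Variables named in the advisory whose assignment should never pass preflight
// unnoticed (assumed list; a real policy would be broader).
const HIGH_RISK_VARS = new Set(["SHELLOPTS", "PS4"]);

// A POSIX-style environment assignment token: NAME=value, value may be anything.
const ENV_ASSIGNMENT = /^([A-Za-z_][A-Za-z0-9_]*)=([\s\S]*)$/;

// Last path component, case-folded so "C:\\Windows\\System32\\cmd.exe" -> "cmd.exe".
function basename(p) {
  return p.split(/[\\/]/).pop().toLowerCase();
}

// Weak check: classifies by argv[0] only. "SHELLOPTS=xtrace bash -c ..." is
// seen as a program literally named "SHELLOPTS=xtrace", so the shell is missed.
function naivePreflight(argv) {
  const program = basename(argv[0] ?? "");
  return { isShellWrapper: SHELL_WRAPPERS.has(program), riskyAssignments: [], program };
}

// Hardened check: peel off every leading NAME=value token, record it, then
// classify the token that is actually the program.
function hardenedPreflight(argv) {
  const assignments = [];
  let i = 0;
  while (i < argv.length) {
    const m = ENV_ASSIGNMENT.exec(argv[i]);
    if (!m) break;
    assignments.push({ name: m[1], value: m[2] });
    i += 1;
  }
  const program = basename(argv[i] ?? "");
  return {
    isShellWrapper: SHELL_WRAPPERS.has(program),
    riskyAssignments: assignments.filter((a) => HIGH_RISK_VARS.has(a.name)).map((a) => a.name),
    program,
    args: argv.slice(i + 1),
  };
}

// Policy layer: deny any attempt to set a high-risk variable, route genuine
// shell invocations to whatever stricter review the preflight applies to
// shells, and let everything else through.
function preflightDecision(argv) {
  const r = hardenedPreflight(argv);
  if (r.riskyAssignments.length > 0) {
    return { verdict: "deny", reason: `argv sets high-risk variable(s): ${r.riskyAssignments.join(", ")}` };
  }
  if (r.isShellWrapper) {
    return { verdict: "review-shell", reason: `shell wrapper ${r.program} requires inner-command review` };
  }
  return { verdict: "allow", reason: "not a shell wrapper, no high-risk assignments" };
}

// Constructed sample invocations (not taken from the advisory).
const SAMPLES = [
  ["bash", "-c", "ls"],
  ["SHELLOPTS=xtrace", "PS4=constructed-value", "bash", "-c", "ls"],
  ["FOO=bar", "ls", "-l"],
];

for (const argv of SAMPLES) {
  console.log(JSON.stringify(argv));
  console.log("  naive    :", JSON.stringify(naivePreflight(argv)));
  console.log("  hardened :", JSON.stringify(hardenedPreflight(argv)));
  console.log("  decision :", JSON.stringify(preflightDecision(argv)));
}
```

On the second sample the naive check reports no shell wrapper at all, while the hardened check identifies `bash` as the program and surfaces both high-risk assignments; the decision layer then denies the command rather than handing it to the shell.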
Impact
Exploitation of this vulnerability can lead to unauthorized manipulation of shell environment variables, potentially altering the execution behavior of commands and bypassing security controls that rely on these environment settings.
Reproduction
To reproduce this vulnerability, invoke a command through a shell wrapper whose argv includes environment variable assignments, in a context running a vulnerable OpenClaw version (for example, a Windows environment using cmd.exe).
Remediation
Users are advised to upgrade to OpenClaw version 2026.4.12 or later. The latest version available on npm, 2026.4.14, includes the necessary fix.
