OpenClaw Arbitrary Code Execution Vulnerability in Plugin Setup Resolver
Vulnerability
An arbitrary code execution vulnerability has been identified in OpenClaw versions prior to 2026.4.23. The issue is in the bundled plugin setup resolver: while resolving provider setup metadata, it loads a plugin's setup-api.js relative to the current working directory instead of from the plugin's bundled location. Because the file is resolved against whatever directory the command is run from, anyone who controls that directory controls which JavaScript gets loaded and executed, under the account of the user running OpenClaw. Exploitation requires placing a malicious setup-api.js at the expected relative location (extensions/<plugin>/setup-api.js) inside an attacker-controlled directory tree and convincing the user to run OpenClaw commands from that directory.
Impact
Successful exploitation executes attacker-supplied JavaScript inside the OpenClaw process with the privileges of the current user. The attacker can therefore do anything that user can do on the machine, including reading credentials and other sensitive data the user has access to and taking further unauthorized actions. The attack does require the victim to run an OpenClaw command from a directory the attacker has populated, so untrusted checkouts and shared working directories are the realistic delivery vector.
Reproduction
To reproduce this vulnerability, create a setup-api.js containing arbitrary JavaScript (for example, code that writes a marker file) and place it at extensions/<plugin>/setup-api.js inside an OpenClaw repository checkout, where <plugin> is the name of a bundled plugin whose provider setup metadata is resolved. Then run an OpenClaw command from the root of that checkout with a vulnerable version. During provider setup resolution the resolver picks up the file from the current working directory and executes it.
Remediation
Upgrade to OpenClaw version 2026.4.23 or later, which contains the fix. Until the upgrade is in place, avoid running OpenClaw commands from directories you do not control, such as freshly cloned or shared repository checkouts, since the attack depends on the working directory containing an attacker-supplied extensions/<plugin>/setup-api.js.
