CVE Reports
Posted on • Originally published at cvereports.com

GHSA-xw4p-pw82-hqr7: Path Traversal in OpenClaw Skill Mirroring

Vulnerability ID: GHSA-XW4P-PW82-HQR7
CVSS Severity: High
Published: 2026-03-02

A high-severity path traversal vulnerability exists in the skill mirroring mechanism of the OpenClaw (Moltbot) AI agent framework. A malicious skill can escape the intended sandbox directory by manipulating its own metadata: the syncSkillsToWorkspace function builds the destination path for a mirrored skill from the unvalidated skill name, so a name containing traversal sequences resolves outside the sandbox and yields an arbitrary file write on the host filesystem.

TL;DR

OpenClaw's skill syncing logic fails to sanitize skill names, allowing a malicious skill to write files outside the sandbox directory via path traversal sequences in its name.


⚠️ Exploit Status: POC

Technical Details

  • CWE ID: CWE-22
  • Vulnerability Type: Path Traversal
  • Severity: High
  • Attack Vector: Network / File Input
  • Impact: Arbitrary File Write / Sandbox Escape
  • Patch Date: 2026-02-13

Affected Systems

  • OpenClaw (Moltbot) Framework
  • Applications consuming the openclaw npm package
  • openclaw: < 2026.2.13 (Fixed in: 2026.2.13)

Code Analysis

Commit: 3eb6a31

Fix path traversal in skill mirroring by resolving destination path safely

function resolveSyncedSkillDestinationPath(...) { ... return resolveSandboxPath({...}).resolved; }

Mitigation Strategies

  • Input Sanitization: Validate all user-supplied filenames and paths against a strict allowlist.
  • Path Normalization: Resolve the full destination path first, then verify that the resolved path lies strictly inside the intended root directory. A plain string-prefix comparison is not enough: it accepts a sibling whose name merely shares the prefix (for example a root of /sandbox/skills and a resolved path under /sandbox/skills-evil), so compare against the root with its trailing separator or use the path library's relative-path computation.
  • Principle of Least Privilege: Run the agent process with the minimum necessary filesystem permissions.

Remediation Steps:

  1. Update openclaw to 2026.2.13 or later (the fix was released on Feb 13, 2026).
  2. Verify that the syncSkillsToWorkspace function utilizes resolveSandboxPath.
  3. Audit existing skills for suspicious naming conventions in SKILL.md metadata.

