GHSA-6rcp-vxwf-3mfp: OpenClaw's system.run shell-wrapper positional argv carriers could execute hidden commands under misleading approval text
In openclaw up to and including 2026.2.23 (latest npm release as of February 25, 2026), system.run shell-wrapper inputs could present misleading approval/display text while still carrying hidden positional argv payloads that execute at runtime.
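The following added example is not OpenClaw's code or its fix; the function name, risk labels and sample argv are hypothetical. It assumes the "positional argv carriers" are the trailing arguments that a POSIX shell invoked as `sh -c script arg0 arg1 ...` binds to `$0`, `$1`, and so on, and it shows an approval renderer that displays every argv element and flags wrapper calls whose script references those parameters.

```javascript
// Added example: names here are hypothetical, not OpenClaw's API.
const SHELLS = new Set(["sh", "bash", "dash", "zsh", "ksh"]);
// $0..$9, $@, $* and their ${...} forms inside a -c script string.
const POSITIONAL_REF = /\$(?:[0-9@*]|\{[0-9@*]\})/;

function analyzeShellWrapper(argv) {
  // Render every argv element, JSON-quoted so spaces and control
  // characters cannot blur element boundaries in the approval text.
  const display = argv.map((a) => JSON.stringify(a)).join(" ");
  const out = { display, isWrapper: false, script: null, carried: [], risk: "none" };
  if (argv.length === 0) return out;
  const exe = argv[0].split("/").pop();
  if (!SHELLS.has(exe)) return out;

  // Find the first short-option cluster containing "c" (-c, -lc, -ec).
  // Scanning all arguments over-matches on purpose: a false positive only
  // means the reviewer sees a warning, a miss means a hidden command.
  const idx = argv.findIndex((a, i) => i > 0 && /^-[A-Za-z]*c[A-Za-z]*$/.test(a));
  if (idx === -1) return out;

  out.isWrapper = true;
  out.script = argv[idx + 1] ?? null;
  out.carried = argv.slice(idx + 2); // bound to $0, $1, ... at runtime
  if (out.carried.length > 0) {
    // Quoting inside the script is not parsed, so '$1' in single quotes
    // is also flagged; that errs toward review.
    out.risk = out.script !== null && POSITIONAL_REF.test(out.script)
      ? "positional-exec"
      : "carried-unused";
  }
  return out;
}

// Constructed sample: the script string alone reads as harmless.
const sample = ["/bin/sh", "-c", '"$@"', "_", "printf", "%s", "constructed"];
console.log(analyzeShellWrapper(sample));
```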