GHSA-7ff8-xjh3-mgh6: OpenClaw's non-default autoAllowSkills setting could bypass on-miss exec prompt
In openclaw versions up to and including 2026.2.22-2, a non-default exec-approval configuration could allow a skill-name collision to bypass an ask=on-miss prompt.
With autoAllowSkills=true, a path-scoped executable such as ./skill-bin could be reduced to its basename skill-bin, which satisfied the skills segment of the allowlist, so the command ran without an approval prompt.
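As an added illustration (not OpenClaw's own code), the following TypeScript models the approval decision the advisory describes: a skills allowlist consulted by basename under ask=on-miss with autoAllowSkills=true, beside a hardened variant in which only a bare command name can satisfy the skills segment, plus a check that lists which observed commands would slip through the first and not the second. The ExecPolicy shape, the function names and the sample commands are assumptions made for this example.

```typescript
// Added example; assumed policy shape, not OpenClaw's real configuration type.
type ExecPolicy = {
  ask: "always" | "on-miss" | "never";
  autoAllowSkills: boolean;      // the non-default setting named in the advisory
  allowedSkills: Set<string>;    // assumed: bare names of installed skill binaries
};

type Decision = "allow" | "prompt";

// Mirrors path.basename for both separator styles (hand-rolled to stay self-contained).
function basename(argv0: string): string {
  return argv0.split(/[\\/]/).pop() ?? "";
}

// Vulnerable shape: argv[0] is reduced to its basename before the skills
// allowlist is consulted, so ./skill-bin satisfies an entry for skill-bin.
function decideVulnerable(policy: ExecPolicy, argv0: string): Decision {
  if (policy.ask === "always") return "prompt";
  if (policy.ask === "never") return "allow";
  const name = basename(argv0);
  if (policy.autoAllowSkills && policy.allowedSkills.has(name)) return "allow";
  return "prompt";               // on-miss: anything not allowlisted asks the user
}

// Hardened shape (one possible fix, an assumption here): only a bare command
// name with no directory component can match the skills segment; any
// path-qualified argv[0] falls through to the on-miss prompt.
function decideHardened(policy: ExecPolicy, argv0: string): Decision {
  if (policy.ask === "always") return "prompt";
  if (policy.ask === "never") return "allow";
  const isBareName = argv0 !== "" && !/[\\/]/.test(argv0);
  if (policy.autoAllowSkills && isBareName && policy.allowedSkills.has(argv0)) {
    return "allow";
  }
  return "prompt";
}

// Defender check: given observed argv[0] values (constructed sample input),
// report the ones the vulnerable logic auto-allows but the hardened logic prompts on.
function findBypasses(policy: ExecPolicy, observed: string[]): string[] {
  return observed.filter(
    (a) => decideVulnerable(policy, a) === "allow" && decideHardened(policy, a) === "prompt",
  );
}
```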