GHSA-xw4p-pw82-hqr7: OpenClaw's sandbox skill mirroring path traversal vulnerability could write outside the sandbox workspace

March 2, 2026

Files may be written outside the sandbox workspace root (within the permissions of the user running OpenClaw).

References

github.com/advisories/GHSA-xw4p-pw82-hqr7
github.com/openclaw/openclaw
github.com/openclaw/openclaw/commit/3eb6a31b6fcf8268456988bfa8e3637d373438c2
github.com/openclaw/openclaw/security/advisories/GHSA-xw4p-pw82-hqr7

Code Behaviors & Features

Detect and mitigate GHSA-xw4p-pw82-hqr7 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →