GHSA-j9pv-rrcj-6pfx: 
OpenClaw (formerly Moltbot or Clawdbot) Analyse et atténuation des vulnérabilités

Summary

SSH-based sandbox backends pass unsanitized process.env to child processes

Current Maintainer Triage

• Status: narrow
• Normalized severity: low
• Assessment: Shipped SSH sandbox paths leaked unsanitized env into local SSH child processes, but remote leakage needs non-default SSH env forwarding, so lower to low.

Affected Packages / Versions

• Package: openclaw (npm)
• Latest published npm version: 2026.3.31
• Vulnerable version range: <=2026.3.28
• Patched versions: >= 2026.3.31
• First stable tag containing the fix: v2026.3.31

Fix Commit(s)

• cfe14459531e002a1c61c27d97ec7dc8aecddc1f — 2026-03-30T20:05:57+01:00OpenClaw thanks @AntAISecurityLab for reporting.