js · openclawHeads-up
openclaw exec allowlist may miss wrapper side effects
Exec allowlist could miss side effects from transparent command wrappers, allowing wrapper-level side effects outside the intent of the allowlisted command.
What changed
Exec allowlist could miss side effects from transparent command wrappers, allowing wrapper-level side effects outside the intent of the allowlisted command.
Who it affects
Operators using the exec allowlist feature with transparent command wrappers, especially when lower-trust input can reach that path.
What to do today
Review wrapper commands carefully and require approval for shell-like wrapper usage until patched. Disable the affected feature if not needed.
The trail
Collected→
Audited→
Written→
Published