Description
OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, skills/skill-creator/scripts/package_skill.py (a local helper script used when authors package skills) previously followed symlinks while building .skill archives. If an author runs this script on a crafted local skill directory containing symlinks to files outside the skill root, the resulting archive can include unintended file contents. If exploited, this vulnerability can lead to potential unintentional disclosure of local files from the packaging machine into a generated .skill artifact, but requires local execution of the packaging script on attacker-controlled skill contents. This issue has been fixed in version 2026.2.18.
References (5)
Core 5
Core References
Vendor Advisory x_refsource_confirm
https://github.com/openclaw/openclaw/security/advisories/GHSA-r6h2-5gqq-v5v6
Issue Tracking x_refsource_misc
https://github.com/openclaw/openclaw/pull/20796
Patch x_refsource_misc
https://github.com/openclaw/openclaw/commit/c275932aa4230fb7a8212fe1b9d2a18424874b3f
Patch x_refsource_misc
https://github.com/openclaw/openclaw/commit/ee1d6427b544ccadd73e02b1630ea5c29ba9a9f0
Release Notes x_refsource_misc
https://github.com/openclaw/openclaw/releases/tag/v2026.2.19
Scores
CVSS v3
4.4
EPSS
0.0022
EPSS Percentile
12.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-61
Status
published
Products (2)
npm/openclaw
0 - 2026.2.19npm
openclaw/openclaw
< 2026.2.17
Published
Feb 21, 2026
Tracked Since
Feb 21, 2026