OpenClaw's incomplete host env sanitization blocklist allows supply-chain redirection via package-manager env overrides
Summary Host exec env override sanitization did not fail closed for several package-manager and related redirect variables that can steer dependency fetches or startup behavior. Impact An approved exec request could silently redirect package resolution or runtime bootstrap to attacker-controlled...
