GHSA-9868-VXMX-W862 OpenClaw's system.run allowlist bypass via shell line-continuation command substitution
Summary In OpenClaw system.run allowlist mode, shell-wrapper analysis could be bypassed by splitting command substitution as $\ + newline + inside double quotes. Analysis treated the payload as allowlisted for example /bin/echo, while shell runtime folded the line continuation into $... and...