OpenClaw has a Path Traversal in Plugin Installation

Summary OpenClaw's plugin installation path derivation could be abused by a malicious plugin package.json name to escape the intended extensions directory and write files to a parent directory. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.1.20, = 2026.2.1 - Latest...