OpenClaw: Command hijacking via unsafe PATH handling (bootstrapping + node-host PATH overrides)
Command hijacking via PATH handling Discovered: 2026-02-04 Reporter: @akhmittra Summary OpenClaw previously accepted untrusted PATH sources in limited situations. In affected versions, this could cause OpenClaw to resolve and execute an unintended binary "command hijacking" when running host...