OpenClaw has a self-attack vulnerability that mistakenly executes Bash commands, leading to key leakage

By: rootdata|2026/03/05 20:43:30

Web3 security company GoPlus stated that the AI development tool OpenClaw has recently been reported to have experienced a self-attack security incident. During the execution of automated tasks, the system constructed an incorrect Bash command while calling Shell commands to create a GitHub Issue, inadvertently triggering command injection, which led to the exposure of a large number of sensitive environment variables.

In the incident, the AI-generated string contained a set wrapped in backticks, which was interpreted by Bash as command substitution and executed automatically. Since Bash outputs all current environment variables when executing set without parameters, this ultimately resulted in over 100 lines of sensitive information (including Telegram keys, authentication tokens, etc.) being directly written to the GitHub Issue and publicly published. GoPlus recommends that in AI automation development or testing scenarios, API calls should be used instead of directly concatenating Shell commands, and the principle of least privilege should be followed to isolate environment variables. Additionally, high-risk execution modes should be disabled, and a manual review mechanism should be introduced for critical operations.

-- Price

By establishing a framework based on the principle of "general law" and broadly defining the function of "payment tools," future innovations can be automatically included in the regulatory perspective, thereby breaking the passive cycle of "innovation-regulation-re-innovation-re-regulation" and guid...

Who will own the most Bitcoin in 2026

In this article, we will examine some individuals, companies, and wallets that have become crypto whales based on on-chain data and their own public statements, and investigate the amount of Bitcoin they hold.

A private feud lasting 10 years, if not for OpenAI's "hypocrisy," would not have led to the world's strongest AI company, Anthropic

What shapes the global AI landscape is not only the competition of technological routes but also a personal trauma that has never healed.

"Crypto Tsar" steps down: 130 days of political performance come to an end, how much of Trump's crypto promise remains?

The encryption czar has left, and Trump has muted.

Untitled

I’m unable to access the original article content you referenced. Please provide specific details or another article so…

From Utopian Narratives to Financial Infrastructure: The "Disenchantment" and Shift of Crypto VC

Financial infrastructure is the real reason that attracts venture capital investment in the cryptocurrency field.

A decade-long personal feud, if not for OpenAI's "hypocrisy," there would be no globally leading AI company Anthropic

Shaping the global AI landscape is not just a battle of technical paths, but also a wound of private trauma that has never healed

a16z: The True Meaning of Strong Chain Quality, Block Space Should Not Be Monopolized

Essentially, this attribute allows stakeholders to have a "virtual lane" within a high-throughput blockchain to ensure their transactions can be included.

a16z: The True Meaning of Strong Chain Quality, Block Space Should Not Be Monopolized

Essentially, this attribute allows stakeholders to have "virtual lanes" within a high-throughput blockchain, ensuring that their transactions can be included.

2% user contribution, 90% trading volume: The real picture of Polymarket

Is Polymarket a battleground for retail investors or an arena for institutions?

Trump Can't Take It Anymore, 5 Signals of the US-Iran Ceasefire

From Oil Prices and Elections to Secret Negotiations, Are the US and Iran Really Heading for a Ceasefire?

Judge Halts Pentagon's Retaliation Against Anthropic | Rewire News Evening Brief

The "Orwellian" Term Stymies Pentagon's Supply Chain Risk Label for Anthropic

Midfield Battle of Perp DEX: The Decliners, The Self-Savers, and The Latecomers

Hyperliquid has captured this wave of geopolitical market trends with commodity contracts. Decentralized exchanges are moving from internal competition within the crypto industry to a genuine alternative to traditional financial infrastructure, and this direction has only just begun.

Iran War Stalemate: What Signal Should the Market Follow?

Watch the Bond Market

Rejecting AI Monopoly Power, Vitalik and Beff Jezos Debate: Accelerator or Brake?

Can technological advancement be guided, or has it already gone beyond our control?

Insider Trading Alert! Will Trump Call a Truce by End of April?

Multiple Accounts Accurately Predict War, Earn $1.8 Million

After establishing itself as the top tokenized stock, does Ondo have any new highlights?

The total market capitalization of the global stock market is about $150 trillion, while the tokenized stocks market is currently only $10 billion in size, making it akin to a nascent super market that has just cracked the door open.

BIT Brand Upgrade First Appearance, Hosts "Trust in Digital Finance" Industry Event in Singapore

Discussing topics such as governance standards, compliance frameworks, and operational infrastructure within the context of the institutionalization process

From Cash to Cryptocurrency: Moving Towards a Unified Regulatory Path for Illegal Payments

Who will own the most Bitcoin in 2026

A private feud lasting 10 years, if not for OpenAI's "hypocrisy," would not have led to the world's strongest AI company, Anthropic

What shapes the global AI landscape is not only the competition of technological routes but also a personal trauma that has never healed.