OpenClaw suffers from a "self-attack" vulnerability: mistakenly executing Bash commands leads to key leakage

BlockBeatsBlockBeats2026/03/05 12:32
BlockBeats news, March 5: Web3 security company GoPlus reported that the AI development tool OpenClaw recently suffered a "self-attack" security incident. While running an automated task, the system invoked a shell command to create a GitHub Issue and built a malformed Bash command line, unintentionally triggering command injection and exposing a large number of sensitive environment variables.


In the incident, the AI-generated string contained the word `set` wrapped in backticks. Because the string was concatenated into a shell command line, Bash treated the backticks as command substitution and executed `set`. When `set` is run with no arguments, Bash prints all of its current variables, so more than 100 lines of sensitive information (including Telegram keys, authentication tokens, etc.) were written straight into the GitHub Issue and published.


GoPlus recommends that, in AI-driven automated development or testing, API calls be used instead of concatenating text into shell commands, and that the principle of least privilege be applied to isolate environment variables. High-risk execution modes should be disabled, and a manual review step should be required for critical operations.
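The following is an added example that is not part of the BlockBeats report and is not OpenClaw's or GoPlus's code. It reproduces the failure mode described above (an untrusted string concatenated into a command line and re-parsed by the shell) next to the two defensive patterns GoPlus recommends: passing the text as a single argument rather than building a command string, and running the tool under an isolated, minimal environment. The issue-creation command is replaced by a stand-in function (`fake_issue_create`) so it runs offline, and the untrusted body text and the `TELEGRAM_TOKEN` variable are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original report. Demonstrates why concatenating
# AI-generated text into a shell command line is dangerous and shows the
# safe alternatives. Everything here is constructed for illustration.

# Stand-in for "gh issue create --body ...": returns exactly the body text it
# received as its second argv element, so we can see what the tool would post.
fake_issue_create() {
    printf '%s' "$2"
}

# Constructed "AI-generated" issue body. It contains a backtick-wrapped
# command, the same shape as the incident's backtick-wrapped `set`.
UNTRUSTED_BODY='Release notes: run `echo INJECTED` before deploying'

# UNSAFE: build a command string and hand it back to the shell for re-parsing.
# Backticks inside the interpolated text are treated as command substitution.
unsafe_create() {
    cmd="fake_issue_create --body \"$1\""
    eval "$cmd"
}

# SAFE: pass the text as one argv element. The shell never re-parses its
# contents, so backticks and $(...) remain literal characters.
safe_create() {
    fake_issue_create --body "$1"
}

# Guardrail: refuse to forward text that contains command-substitution syntax
# to any code path that might still evaluate it as shell. Returns 0 (true)
# when such syntax is present.
has_substitution_syntax() {
    case "$1" in
        *'`'* | *'$('*) return 0 ;;
        *) return 1 ;;
    esac
}

# Least privilege: run the tool under a scrubbed environment so that even a
# stray `set` or `env` could only reveal what the task actually needs.
# Returns 0 when the constructed secret is still visible inside the sandbox.
secret_visible_isolated() {
    env -i PATH="$PATH" sh -c '[ -n "${TELEGRAM_TOKEN:-}" ]'
}

# Demonstration when run directly (the results are also checked in the test).
export TELEGRAM_TOKEN='constructed-placeholder-token'
printf 'unsafe: %s\n' "$(unsafe_create "$UNTRUSTED_BODY")"
printf 'safe:   %s\n' "$(safe_create "$UNTRUSTED_BODY")"
if has_substitution_syntax "$UNTRUSTED_BODY"; then
    echo 'guard:  body contains substitution syntax, would be rejected'
fi
if secret_visible_isolated; then
    echo 'isolation: secret leaked into sandbox'
else
    echo 'isolation: secret not visible under env -i'
fi
```

The unsafe path prints "Release notes: run INJECTED before deploying": the `echo INJECTED` inside the backticks was executed, exactly as `set` was in the incident. The safe path returns the body unchanged, because argv elements are never re-parsed. The guardrail and the `env -i` wrapper are the two layers GoPlus describes: reject text that looks like shell syntax before it reaches an execution path, and make sure the process that does run has nothing sensitive to leak.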

