- Buy Crypto
- Markets
Futures- Spot
- Copy Trade
- Earn
- More
OpenClaw has a self-attack vulnerability that mistakenly executes Bash commands, leading to key leakage
Web3 security company GoPlus stated that the AI development tool OpenClaw has recently been reported to have experienced a self-attack security incident. During the execution of automated tasks, the system constructed an incorrect Bash command while calling Shell commands to create a GitHub Issue, inadvertently triggering command injection, which led to the exposure of a large number of sensitive environment variables.
In the incident, the AI-generated string contained a set wrapped in backticks, which was interpreted by Bash as command substitution and executed automatically. Since Bash outputs all current environment variables when executing set without parameters, this ultimately resulted in over 100 lines of sensitive information (including Telegram keys, authentication tokens, etc.) being directly written to the GitHub Issue and publicly published. GoPlus recommends that in AI automation development or testing scenarios, API calls should be used instead of directly concatenating Shell commands, and the principle of least privilege should be followed to isolate environment variables. Additionally, high-risk execution modes should be disabled, and a manual review mechanism should be introduced for critical operations.
You may also like
Who is the true winner of the "Tokenization" narrative?
Moss: The Era of AI-Traded by Anyone | Project Introduction
Chip Smuggling Case Exposes Regulatory Loophole | Rewire News Evening Update
How a Structured AI Crypto Trading Bot Won at the WEEX Hackathon
Ritmex demonstrates how disciplined risk control and structured signals can make an AI crypto trading bot more stable and reliable on WEEX, highlighting the importance of combining execution discipline with scalable AI trading systems.
Old Indicator Fails, Three Major New Signals Emerge: BTC True Bottom May Still Be Below $60K
Meeting OpenClaw Founder at a Hackathon: What Else Can Lobsters Do?
Huang Renxun's Latest Podcast Transcript: NVIDIA's Future, Embodied Intelligence and Agent Development, Soaring Demand for Inferencing, and AI's PR Crisis
How a Structured AI Crypto Trading Bot Won at the WEEX Hackathon
Crypto_Trade shows how structured inputs and controlled adaptability can build a more stable and reliable AI crypto trading bot within the WEEX AI Trading Hackathon, highlighting a practical path toward scalable AI trading systems.
AI Starts to Devour the Manufacturing Industry | Rewire News Morning Edition
When Scaling Meets Speed, Ethereum Foundation Introduces "Hardness" to Safeguard the Base Layer
Google, Circle, Stripe Flock Together to Let AI Spend Money: Payment Giants' Joys and Worries in 2026 Q1
$100 Billion Factory Purchase: Bezos and Middle Eastern Capital Shift AI Money from Cloud to Shop Floor
Xiaomi and MiniMax both unleash their ultimate moves, signaling the start of the Agent Pricing War.
Predicting markets has taken the spotlight, but the Perp DEX has been quietly waging war on traditional exchanges.
Is the Market Slump Still Making Millions a Day? Is pump.fun's Revenue Real?
Understanding x402 and MPP in One Article: The Two Paths of Agent Payments
Quick Look at the Latest 18 Graduation Projects from Alliance: Who's the Next Pump.fun?
It's not just the prediction market that profits from the Iraq War
Who is the true winner of the "Tokenization" narrative?
Moss: The Era of AI-Traded by Anyone | Project Introduction
Chip Smuggling Case Exposes Regulatory Loophole | Rewire News Evening Update
How a Structured AI Crypto Trading Bot Won at the WEEX Hackathon
Ritmex demonstrates how disciplined risk control and structured signals can make an AI crypto trading bot more stable and reliable on WEEX, highlighting the importance of combining execution discipline with scalable AI trading systems.
App