GHSA-m3mh-3mpg-37hw: OpenClaw has an Arbitrary Malicious Code Execution Vulnerability
Summary
OpenClaw has a vulnerability where a malicious plugin or hook can execute arbitrary code during installation. An attacker can place a `.npmrc` file (npm's per-directory configuration file) in the plugin or hook directory that points npm's git setting at an attacker-controlled program; npm reads that file and runs the program when OpenClaw executes `npm install` in the directory during the installation phase.
Solution / Mitigation
Fixed in OpenClaw 2026.3.24, the current shipping release.
Original source: https://github.com/advisories/GHSA-m3mh-3mpg-37hw
First tracked: March 30, 2026 at 08:00 PM