GoPlus Discloses Bash Injection Flaw in OpenClaw That Leaked Environment Keys to GitHub

Web3 security firm GoPlus disclosed a command injection vulnerability in its AI development tool OpenClaw that exposed sensitive environment variables to GitHub, ChainCatcher reports. The flaw occurred when an automated task built a Bash command line by string concatenation in order to open a GitHub Issue: an AI-generated string containing a backtick-wrapped `set` command was executed by the shell as a command substitution, and its output, more than 100 lines of environment data including Telegram keys and authentication tokens, was published in a public GitHub Issue. GoPlus recommends that AI-driven workflows use API calls rather than shell command concatenation, isolate environment variables under a least-privilege model, disable high-risk execution modes, and add human review for critical actions.
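The failure pattern and the fixes GoPlus recommends, as an added illustration that is not GoPlus's or OpenClaw's code. It assumes a Python automation step that hands an AI-generated issue body to a command-line tool; `printf` stands in for the GitHub CLI, and the constructed sample body carries a harmless `echo` marker in backticks rather than `set`, so the effect is observable without dumping anything. The vulnerable function concatenates the body into a shell command line; the safe variants pass it as a discrete argument with a minimal environment, or quote it with `shlex.quote` when a shell is unavoidable, and a small pre-flight check flags substitution syntax before any shell sees it.

```python
import os
import re
import shlex
import subprocess

# Constructed sample: an AI-generated issue body that happens to contain
# backtick command substitution. The marker command is harmless on purpose.
UNTRUSTED_BODY = "Build failed on step 3 `echo INJECTED_MARKER` please investigate"

# Backticks, $(...) and ${...} are all expanded by the shell inside double quotes.
_SUBSTITUTION = re.compile(r"`|\$\(|\$\{")

def has_shell_substitution(text: str) -> bool:
    """Pre-flight check: does untrusted text contain shell substitution syntax?
    Useful as a detection/alerting hook before an automation step runs a command."""
    return bool(_SUBSTITUTION.search(text))

def post_body_vulnerable(body: str) -> str:
    """The pattern that failed: the body is concatenated into a command line and
    handed to a shell. Double quotes do not stop substitution, so the shell runs
    the embedded command and printf only ever sees its output."""
    cmd = 'printf "%s" "' + body + '"'
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout

def post_body_safe(body: str) -> str:
    """Hardened form: the body is one argv element and no shell parses it.
    The child also gets a minimal environment (PATH only), so even a successful
    injection elsewhere in the pipeline would find no secrets to read."""
    minimal_env = {"PATH": os.environ.get("PATH", "/usr/bin:/bin")}
    return subprocess.run(
        ["printf", "%s", body], capture_output=True, text=True, env=minimal_env
    ).stdout

def post_body_quoted(body: str) -> str:
    """Fallback when a shell really is required: shlex.quote wraps the body in
    single quotes, inside which backticks and $(...) are literal characters."""
    cmd = 'printf "%s" ' + shlex.quote(body)
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout

if __name__ == "__main__":
    print("flagged by pre-flight check:", has_shell_substitution(UNTRUSTED_BODY))
    print("vulnerable :", post_body_vulnerable(UNTRUSTED_BODY))
    print("argv list  :", post_body_safe(UNTRUSTED_BODY))
    print("shlex.quote:", post_body_quoted(UNTRUSTED_BODY))
```

The vulnerable call prints the body with `INJECTED_MARKER` substituted in, proving the embedded command ran; both hardened calls print the body verbatim, backticks included. In a real workflow the argv-list form would wrap the GitHub CLI or, better still, the GitHub REST API through an HTTP client, so that the issue text is never interpreted as code at all.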