OpenClaw patches .npmrc override leading to install-time code execution
TL;DR — Installing local OpenClaw plugins/hooks can execute attacker-chosen programs if the plugin bundle includes a crafted .npmrc that overrides npm’s git executable.
What happened
OpenClaw is an npm-distributed tool (pkg:npm/openclaw) that supports installing local plugins and hook packs via its CLI.
CVE-2026-35641 describes an arbitrary code execution issue in OpenClaw’s local plugin/hook installation flow: during installation, OpenClaw runs npm install in a staged package directory. If an attacker can introduce an attacker-controlled .npmrc into the staged directory, they can set a git executable override and then use a git-based dependency to cause npm to invoke the attacker-specified program.
| Item | Source value |
|---|---|
| Affected software | openclaw (npm package) |
| Impact | Arbitrary code execution during plugin/hook installation |
| Trigger (CVE record) | Crafted .npmrc with git executable override + git dependency resolved during npm install |
| Severity | CVSS v4.0 8.4 (High); CVSS v3.1 7.8 (High) |
| Affected versions (CVE record) | Versions less than 2026.3.24 |
This is a supply-chain-shaped failure mode because it can turn “install-time” workflows (especially CI builds and plugin distribution) into an execution primitive, even when npm scripts are disabled.
Who is impacted
- Any environment running `openclaw` where the deployed version falls into the CVE record's affected range (< 2026.3.24).
- Teams that install local plugin directories/archives or hook packs (i.e., where OpenClaw stages the package and runs `npm install` during installation).
- Higher-risk setups where untrusted contributors can influence the contents of plugin/hook bundles (e.g., third-party plugin repos, build artifacts pulled from external sources, or CI jobs that build/install from untrusted branches/PRs).
What to do now
- Follow vendor remediation guidance and apply a release that is not in the CVE record's affected range (the CVE lists versions less than `2026.3.24` as affected).
- Treat `.npmrc` as executable configuration in your supply chain:
  - Audit plugin/hook bundle ingestion paths for unexpected `.npmrc` files.
  - If your CI installs local plugins/hooks, consider adding checks that reject or strip `.npmrc` from staged install directories before dependency resolution.
- If you suspect exposure, review installation-time telemetry for unexpected process executions correlated with plugin/hook installs and rotate any credentials accessible to the runner or developer workstation during the event.
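The following is an added example of the pre-install gate suggested above; it is not OpenClaw's code and not part of the advisory. It scans a staged plugin/hook bundle for `.npmrc` files, parses them, and rejects the bundle when the config sets an npm key that chooses which program npm spawns (`git`, the key behind the CVE, and the related `script-shell`; both are real npm config keys). It also lists git-based dependency specs in `package.json`, because those are what make npm invoke the configured git program during `npm install`. All function names and the `SAMPLE_BUNDLE` contents are constructed for this example.

```python
"""Pre-install gate for staged npm plugin/hook bundles (illustrative, not OpenClaw code).

Rejects a bundle whose .npmrc redirects npm to an attacker-chosen program and
reports git-based dependency specs that would cause npm to run that program.
"""
import json
import os
from dataclasses import dataclass

# npm config keys that name an executable npm will spawn during install.
# `git` is the override described by the CVE; `script-shell` is a related key.
EXECUTABLE_KEYS = {"git", "script-shell"}

# Dependency spec prefixes that npm resolves through git instead of the registry.
GIT_SPEC_PREFIXES = ("git+", "git://", "github:", "gitlab:", "bitbucket:", "gist:")


@dataclass
class Finding:
    path: str       # path relative to the staged root
    severity: str   # "critical" | "warning" | "info"
    detail: str


def parse_npmrc(text: str) -> dict:
    """Parse the ini-like .npmrc format: key=value lines, ';' or '#' comments."""
    config = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        key, sep, value = line.partition("=")
        if sep:
            config[key.strip()] = value.strip()
    return config


def is_git_spec(spec: str) -> bool:
    """True when a dependency spec resolves via git (explicit URL or GitHub 'owner/repo' shorthand)."""
    s = spec.strip()
    if s.startswith(GIT_SPEC_PREFIXES):
        return True
    # Registry ranges never contain '/'; exclude file:, path and URL specs that do.
    return "/" in s and "://" not in s and not s.startswith(("@", "file:", ".", "/"))


def find_git_dependencies(package_json: dict) -> list:
    """Return (field, name, spec) for every git-resolved dependency in package.json."""
    found = []
    for field in ("dependencies", "devDependencies", "optionalDependencies"):
        for name, spec in (package_json.get(field) or {}).items():
            if isinstance(spec, str) and is_git_spec(spec):
                found.append((field, name, spec))
    return found


def assess_bundle(files: dict) -> list:
    """files maps a path relative to the staged root to its text content."""
    findings = []
    for path, content in files.items():
        base = os.path.basename(path)
        if base == ".npmrc":
            config = parse_npmrc(content)
            overrides = sorted(k for k in config if k in EXECUTABLE_KEYS)
            if overrides:
                detail = "executable override: " + ", ".join(f"{k}={config[k]}" for k in overrides)
                findings.append(Finding(path, "critical", detail))
            else:
                # Any .npmrc in a bundle is unexpected; surface it even when harmless.
                findings.append(Finding(path, "warning", ".npmrc present in bundle"))
        elif base == "package.json":
            try:
                pkg = json.loads(content)
            except json.JSONDecodeError:
                findings.append(Finding(path, "warning", "unparseable package.json"))
                continue
            for field, name, spec in find_git_dependencies(pkg):
                findings.append(Finding(path, "info", f"git dependency {name} ({field}): {spec}"))
    return findings


def should_reject(findings) -> bool:
    """Reject the bundle before `npm install` if any executable override is present."""
    return any(f.severity == "critical" for f in findings)


def collect_bundle(root: str) -> dict:
    """Walk a staged directory and gather the files assess_bundle inspects."""
    files = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            if name in (".npmrc", "package.json"):
                full = os.path.join(dirpath, name)
                with open(full, encoding="utf-8", errors="replace") as fh:
                    files[os.path.relpath(full, root)] = fh.read()
    return files


# Constructed sample bundle for demonstration; not taken from any real plugin.
SAMPLE_BUNDLE = {
    "package.json": json.dumps({
        "name": "example-hook-pack",
        "version": "1.0.0",
        "dependencies": {"left-pad": "^1.3.0", "helper": "git+https://example.invalid/helper.git"},
    }),
    ".npmrc": "; looks harmless\nregistry=https://registry.npmjs.org/\ngit=./tools/run-me.sh\n",
}

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as staged:
        for rel, content in SAMPLE_BUNDLE.items():
            with open(os.path.join(staged, rel), "w", encoding="utf-8") as fh:
                fh.write(content)
        results = assess_bundle(collect_bundle(staged))
        for f in results:
            print(f"[{f.severity}] {f.path}: {f.detail}")
        print("REJECT" if should_reject(results) else "OK")
```

Run this against the staging directory before OpenClaw (or your CI wrapper) calls `npm install`; a non-empty `critical` finding is the signal to abort. Nested `.npmrc` files are reported as well, even though npm only reads the project-root one, because their presence in a bundle is itself unexpected.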
