OpenClaw loaded the current working directory .env before trusted state-dir configuration, allowing untrusted workspace state to inject host environment values.

A repository or workspace containing a malicious .env file could override runtime configuration and security-sensitive environment settings when OpenClaw started there.

Fixed by commit 6a79324802 (Filter untrusted CWD .env entries before OpenClaw startup).