Aakash Japi

Rank #31518 of 53,624 · Total CVSS 8.1

Vulnerabilities · 1
PT-2026-23526 · CVSS 8.1 · 2026-02-17
Openclaw · Openclaw · CVE-2026-28447
**Name of the Vulnerable Software and Affected Versions**

OpenClaw versions 2026.1.20 through 2026.2.1

**Description**

The software's plugin installation process does not properly validate plugin package names, allowing attackers to write files outside the intended installation directory. Specifically, a malicious plugin package name containing path traversal sequences such as `..` can escape the extensions directory during installation. This can lead to unintended file writes, potentially overwriting files in the OpenClaw state directory. On Windows systems the traversal surface may be wider, because backslashes in the derived directory name are not sufficiently sanitized. The `package.json` `name` field is used to derive the installation directory without robust validation. The vulnerable function is `unscopedPackageName()`. The affected entry point is the `openclaw plugins install` command, and the attacker-controlled input is the plugin's `package.json` file.

**Recommendations**

Versions 2026.1.20 through 2026.2.1 should be updated to version 2026.2.1 or later.