PT-2026-21336 · Openclaw · Openclaw

Aether-Ai-Agent

Published 2026-02-20 · Updated 2026-03-01 · CVE-2026-27485

CVSS v4.0: 4.6 (Medium)
Vector: AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: OpenClaw versions 2026.2.17 and earlier

Description: OpenClaw, a personal AI assistant, contains an issue in the skills/skill-creator/scripts/package_skill.py script. This script previously followed symbolic links when creating .skill archives. If an author runs it on a crafted skill directory that contains symlinks pointing to files or directories outside the skill root, the archive is built from the link targets, so the resulting .skill artifact can include unintended file contents from the packaging machine. The impact is unintentional disclosure of local files into a generated .skill artifact. Exploitation requires local execution of the packaging script on attacker-controlled skill contents; the attacker must get the author to package a directory they prepared. The vulnerable component is the package_skill.py script.

Recommendations: Versions prior to 2026.2.18 are affected; update to 2026.2.18 or later. The fix rejects symlinks during skill packaging, adds regression tests for the symlinked-file and symlinked-directory cases, and updates the packaging guidance to document the symlink restriction. Until updated, do not package skill directories you did not author, and inspect a packaged .skill archive's member list before distributing it.
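The following is an added illustration, not OpenClaw's package_skill.py: a minimal .skill packager written in the vulnerable shape (walks the tree following links and zips whatever each path resolves to) next to a hardened one that refuses file and directory symlinks and re-checks that every file's real path stays under the skill root. The crafted skill tree, the file names and the "secret" contents are constructed fixtures; the function and exception names are this example's own.

```python
"""Added example, not OpenClaw's own package_skill.py: a .skill packager in
the vulnerable shape (follows symlinks) beside a hardened one (rejects file
and directory symlinks and verifies every path stays under the skill root).
All paths, names and the demo tree below are constructed for this example."""
import os
import tempfile
import zipfile


class SymlinkRejected(ValueError):
    """Raised when a skill tree contains a symlink (file or directory)."""


def _arcname(root: str, path: str) -> str:
    # Archive member names are root-relative with forward slashes.
    return os.path.relpath(path, root).replace(os.sep, "/")


def package_skill_unsafe(skill_dir: str, out_path: str) -> list[str]:
    """Vulnerable pattern: follow links while walking and zip whatever each
    path resolves to. A link to a file outside the root ships its contents."""
    with zipfile.ZipFile(out_path, "w", zipfile.ZIP_DEFLATED) as zf:
        for dirpath, _dirs, files in os.walk(skill_dir, followlinks=True):
            for name in sorted(files):  # symlinks to files are listed here too
                full = os.path.join(dirpath, name)
                zf.write(full, _arcname(skill_dir, full))
    with zipfile.ZipFile(out_path) as zf:
        return zf.namelist()


def package_skill_safe(skill_dir: str, out_path: str) -> list[str]:
    """Hardened pattern: never follow links, refuse any symlink entry (file or
    directory), and confirm each file's real path is inside the skill root."""
    root = os.path.realpath(skill_dir)
    members = []
    for dirpath, dirs, files in os.walk(root, followlinks=False):
        # os.walk lists a symlinked directory in `dirs` without descending into
        # it, so both symlink kinds are caught by this single check.
        for name in sorted(dirs) + sorted(files):
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                raise SymlinkRejected(f"symlink not allowed in skill: {_arcname(root, full)}")
        for name in sorted(files):
            full = os.path.join(dirpath, name)
            real = os.path.realpath(full)
            if os.path.commonpath([root, real]) != root:  # belt and braces
                raise SymlinkRejected(f"path escapes skill root: {_arcname(root, full)}")
            members.append(full)
    with zipfile.ZipFile(out_path, "w", zipfile.ZIP_DEFLATED) as zf:
        for full in members:
            zf.write(full, _arcname(root, full))
    return [_arcname(root, m) for m in members]


def build_demo_tree(base: str) -> tuple[str, str]:
    """Constructed fixture: a skill dir with a legitimate SKILL.md plus a file
    symlink and a directory symlink that both point outside the skill root.
    Returns (skill_dir, secret_text)."""
    secret_text = "constructed-secret: not a real credential\n"
    outside = os.path.join(base, "outside")
    os.makedirs(os.path.join(outside, "keys"))
    with open(os.path.join(outside, "secret.txt"), "w") as f:
        f.write(secret_text)
    with open(os.path.join(outside, "keys", "id_demo"), "w") as f:
        f.write("constructed private key material\n")
    skill = os.path.join(base, "evil-skill")
    os.makedirs(skill)
    with open(os.path.join(skill, "SKILL.md"), "w") as f:
        f.write("# evil skill\n")
    os.symlink(os.path.join(outside, "secret.txt"), os.path.join(skill, "notes.txt"))
    os.symlink(os.path.join(outside, "keys"), os.path.join(skill, "assets"))
    return skill, secret_text


def demo() -> dict:
    """Run both packagers on the crafted tree and report what each produced."""
    with tempfile.TemporaryDirectory() as base:
        skill, secret_text = build_demo_tree(base)
        unsafe_out = os.path.join(base, "unsafe.skill")
        unsafe_members = package_skill_unsafe(skill, unsafe_out)
        with zipfile.ZipFile(unsafe_out) as zf:
            leaked = zf.read("notes.txt").decode()  # contents of the link target
        try:
            package_skill_safe(skill, os.path.join(base, "safe.skill"))
            safe_error = None
        except SymlinkRejected as e:
            safe_error = str(e)
        # With the symlinks removed the hardened packager accepts the tree.
        os.unlink(os.path.join(skill, "notes.txt"))
        os.unlink(os.path.join(skill, "assets"))
        clean_members = package_skill_safe(skill, os.path.join(base, "safe.skill"))
    return {
        "unsafe_members": sorted(unsafe_members),
        "leaked_matches_secret": leaked == secret_text,
        "safe_error": safe_error,
        "clean_members": clean_members,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Two checks are deliberately layered: `os.path.islink` on every directory and file entry catches both symlink kinds before anything is read, and the `realpath`/`commonpath` comparison catches anything that still resolves outside the root (for example a hard-linked or bind-mounted path on platforms where that matters). Rejecting the whole package rather than silently skipping the link is the right default for a packaging tool, because a skipped link hides the fact that the input was crafted.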

Related Identifiers

CVE-2026-27485
GHSA-R6H2-5GQQ-V5V6

Affected Products

Openclaw