OpenClaw has a self-attack vulnerability that mistakenly executes Bash commands, leading to key leakage

By: rootdata|2026/03/05 20:43:30

Web3 security company GoPlus stated that the AI development tool OpenClaw has recently been reported to have experienced a self-attack security incident. During the execution of automated tasks, the system constructed an incorrect Bash command while calling Shell commands to create a GitHub Issue, inadvertently triggering command injection, which led to the exposure of a large number of sensitive environment variables.

In the incident, the AI-generated string contained a set wrapped in backticks, which was interpreted by Bash as command substitution and executed automatically. Since Bash outputs all current environment variables when executing set without parameters, this ultimately resulted in over 100 lines of sensitive information (including Telegram keys, authentication tokens, etc.) being directly written to the GitHub Issue and publicly published. GoPlus recommends that in AI automation development or testing scenarios, API calls should be used instead of directly concatenating Shell commands, and the principle of least privilege should be followed to isolate environment variables. Additionally, high-risk execution modes should be disabled, and a manual review mechanism should be introduced for critical operations.

-- Price

This may be the true test of cryptocurrency. It's not about whether the price has reached a new high, nor about who will achieve financial freedom in the next bull market, but rather whether, after all the grand narratives have been washed away by cycles, it can still leave behind some simpler, more...

Can a hairdryer earn $34,000? Interpreting the reflexivity paradox of prediction markets

Prediction markets are essentially betting on reality, and when participants can access or even influence this path earlier, the market no longer just reflects reality but begins to shape it in return.

6MV Founder: In 2026, the "landmark turning point" for crypto investment has arrived

"I will deploy funds in 2026, so I will tell you this is the best year in history."

Abraxas Capital Mints $2.89 Billion USDT: Liquidity Boost or Just More Stablecoin Arbitrage?

Abraxas Capital just received $2.89 billion in freshly minted USDT from Tether. Is this a bullish liquidity injection for crypto markets, or is it business as usual for a stablecoin arbitrage giant? We analyze the data and the likely impact on Bitcoin, altcoins, and DeFi.

A VC from the Crypto world said AI is too crazy, and they are very conservative

Amid the Crypto frenzy and with investors who once missed out on Pinduoduo, a new AI fund called Impa Ventures was established, rejecting bubble narratives and adhering to a conservative "problem-first" strategy to seek real business value.

The Evolutionary History of Contract Algorithms: A Decade of Perpetual Contracts, the Curtain Has Yet to Fall

The ten-year evolution of perpetual contracts: from pulling the plug on 312 to the shocking short squeeze of TRB, a deep dive into the pricing machine that averages $200 billion daily, written with countless liquidations and real money, detailing the blood and tears of risk control theory.

Kicked out by PayPal, Musk aims to make a comeback in the cryptocurrency market

Cashtags generated a trading volume of 1 billion dollars just a few days after its launch, marking a strong start for Musk's super app strategy. For the cryptocurrency market, X's layout may be one of the most anticipated sources of retail growth after the meme coin craze subsides.

Solana ETF News: What Is a Solana ETF and Why Is Goldman Sachs Betting $108 Million on SOL?

Solana ETF news today shows Goldman Sachs disclosed a $108M position while total SOL ETF inflows reached $1.45B. Analysts now expect up to $6B in institutional demand as Solana trades 71% below its all-time high.

Bitcoin ETF News Today: $2.1B Inflows Signal Strong Institutional Demand for BTC

Bitcoin ETFs news recorded $2.1B inflows over 8 consecutive days, marking one of the strongest recent accumulation streaks. Here’s what the latest Bitcoin ETF news means for BTC price and whether the $80K breakout level is next.

Michael Saylor: Winter is Over – Is He Right? 5 Key Data Points (2026)

Michael Saylor tweeted yesterday “Winter‘s Over.” It is short. It is bold. And it has the crypto world talking.

But is he right? Or is this just another CEO pumping his bags?

Let us look at the data. Let us be neutral. Let us see if the ice has really melted.

WEEX Bubbles App Now Live Visualizes the Crypto Market at a Glance

WEEX Bubbles is a standalone app designed to help users quickly understand complex crypto market movements through an intuitive bubble visualization.

Polygon co-founder Sandeep: Writing after the chain bridge chain explosion

In three weeks, Drift, Hyperbridge, and KelpDAO were consecutively hacked, resulting in nearly $900 million in losses. Polygon's CEO wrote that the problem lies not with any single team, but with the "notary" style architecture shared by the entire industry—relying on one or two signers to stamp cro...

Major Upgrade on Web: 10+ Advanced Chart Styles for Deeper Market Insights

To deliver more powerful and professional analysis tools, WEEX has rolled out a major upgrade to its web trading charts—now supporting up to 14 advanced chart styles.

Morning Report | Aethir secures a $260 million enterprise contract with Axe Compute; New Fire Technology acquires Avenir Group's trading team; Polymarket's trading volume surpassed by Kalshi

Overview of Important Market Events on April 23

Why a Million-Follower Crypto KOL Chooses WEEX VIP?

Discover why top crypto KOL Carl Moon partnered with WEEX. Explore the WEEX VIP ecosystem, 1,000 BTC protection fund, and exclusive rewards for serious traders.

CoinEx Founder: The Crypto Endgame in My Eyes

The industry will not disappear, but it will shrink significantly.

Spark Coin (SPK): Explodes 73% as Aave Bleeds $15B, A Good Investment Now?

Spark coin (SPK) surged 73% as $15 billion fled Aave after the KelpDAO hack. This article explains what Spark is, why it’s pumping, and whether it is a good investment right now.