Security Advisories | Source: GitHub Security Advisories
[openclaw] OpenClaw: Reject symlinks in local skill packaging script
By GitHub, February 21, 2026
**Vulnerability**

skills/skill-creator/scripts/package_skill.py (a local helper script used when authors package skills) previously followed symlinks while building .skill archives. If an author runs this script on a crafted local skill directory containing symlinks to files outside the skill root, the resulting archive can include unintended file contents.

**Severity and Exposure**

- Severity: Low
- Execution context: local/manual workflow only (skill author packaging step)
- No remote trigger: this is not reachable via normal OpenClaw gateway/chat runtime paths
- No extraction-side Zip Slip in this finding: this issue is limited to packaging-time symlink following

**Impact**

Potential unintentional disclosure of local files from the packaging machine into a generated .skill artifact. Requires local execution of the packaging script on attacker-controlled skill contents.

**Affected Components**

- skills/skill-creator/scripts/package_skill.py

**Affected Packages / Versions**

- Package: openclaw (npm)
- Latest published version during triage: 2026.2.17
- Vulnerable version range: <= 2026.2.17
- Planned patched version (next release): 2026.2.18

**Remediation**

Reject symlinks during skill packaging...
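The following Python is an added illustration of the bug class the advisory describes; it is not OpenClaw's package_skill.py or any code from the advisory. It shows a minimal .skill packager that, like the vulnerable script, dereferences symlinks while zipping, next to a hardened variant that refuses symlinks (files and directories) and double-checks that every file's real path stays under the skill root. The function names, the SKILL.md manifest, the sample skill layout and the "secret" file are constructed assumptions for the demo only.

```python
"""Added example, not OpenClaw's package_skill.py: a minimal .skill packager
with the symlink-following behaviour the advisory describes, next to a
hardened variant that rejects symlinks. All names here (the functions, the
sample skill layout, the SKILL.md manifest) are assumptions for illustration."""
import io
import os
import tempfile
import zipfile
from pathlib import Path


class SymlinkRejected(ValueError):
    """Raised by the hardened packer when the skill tree contains a symlink."""


def package_skill_following_symlinks(skill_root) -> bytes:
    """Vulnerable packer. os.walk lists a file symlink like any other file and
    ZipFile.write() opens it through the link, so a link to a file outside the
    skill root lands in the archive as a regular file holding that file's bytes."""
    root = Path(skill_root)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for dirpath, _dirnames, filenames in os.walk(root):
            for name in filenames:
                path = Path(dirpath) / name
                zf.write(path, arcname=str(path.relative_to(root)))
    return buf.getvalue()


def package_skill_rejecting_symlinks(skill_root) -> bytes:
    """Hardened packer: refuse any symlink (file or directory) before it is
    read, and additionally check that every file's real path stays under the
    resolved skill root."""
    root = Path(skill_root).resolve()
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for dirpath, dirnames, filenames in os.walk(root):
            # Directory symlinks are checked too: os.walk(followlinks=False)
            # would otherwise skip them silently, and followlinks=True would
            # walk into whatever they point at.
            for name in dirnames + filenames:
                path = Path(dirpath) / name
                if path.is_symlink():
                    raise SymlinkRejected(
                        f"refusing to package symlink: {path.relative_to(root)}")
            for name in filenames:
                path = Path(dirpath) / name
                # Defence in depth: the real file must sit inside the skill root.
                if root not in path.resolve().parents:
                    raise SymlinkRejected(f"path escapes skill root: {path}")
                zf.write(path, arcname=str(path.relative_to(root)))
    return buf.getvalue()


def build_demo_skill(base: Path, with_symlink: bool) -> Path:
    """Constructed sample input: a skill directory with a manifest and, when
    requested, a symlink 'notes.txt' pointing at a secret outside the root."""
    secret = base / "outside-secret.txt"
    secret.write_text("SECRET_TOKEN=constructed-sample-value\n")
    skill = base / ("linked-skill" if with_symlink else "clean-skill")
    skill.mkdir()
    (skill / "SKILL.md").write_text("# demo skill (constructed)\n")
    if with_symlink:
        (skill / "notes.txt").symlink_to(secret)
    return skill


def demo() -> dict:
    """Run both packers against the crafted skill and against a clean one."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        crafted = build_demo_skill(base, with_symlink=True)
        clean = build_demo_skill(base, with_symlink=False)

        leaked = zipfile.ZipFile(io.BytesIO(package_skill_following_symlinks(crafted)))
        try:
            package_skill_rejecting_symlinks(crafted)
            rejected = False
        except SymlinkRejected:
            rejected = True
        ok = zipfile.ZipFile(io.BytesIO(package_skill_rejecting_symlinks(clean)))
        return {
            "vulnerable_names": sorted(leaked.namelist()),
            "leaked_content": leaked.read("notes.txt").decode(),
            "hardened_rejected_crafted": rejected,
            "hardened_clean_names": sorted(ok.namelist()),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

Running the block shows the crafted skill's archive containing notes.txt with the contents of the file outside the root, while the hardened packer raises SymlinkRejected for that tree and still packages the clean skill normally. The second check (resolved path under root) is redundant once symlinks are rejected, but it is cheap and catches the case where the skill root itself or an intermediate directory is reached through a link.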
---
**[devsupporter commentary]**
This article is the latest development news provided by GitHub Security Advisories. To learn more about the related tools or technologies, refer to the original link.
![[openclaw] OpenClaw: Reject symlinks in local skill packaging script](/assets/images/github_com_1771632185114.png)