How Claw Chain Works
Researchers at Cyera have identified four vulnerabilities in OpenClaw that can be linked together to form an attack chain called Claw Chain. The flaws affect the OpenShell managed sandbox backend, which is designed to isolate code execution. An attacker can start the chain by gaining code execution inside the sandbox through a malicious plugin, prompt injection, or compromised external input.
The first flaw involves a race condition that allows an attacker to bypass sandbox restrictions and write files outside the intended mount root. A second race condition allows reading files outside the sandbox. Together, these enable an attacker to access credentials, secrets, and other sensitive files stored on the system.
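The article describes the two race conditions only by their effect (reads and writes that land outside the intended mount root) and does not say how they arise. As an added example, not code from OpenClaw, OpenShell or the Cyera write-up, the Python below shows the general shape of a check-then-use path-confinement race and the pattern that closes it: a resolve-then-open check with a simulated swap in the gap, beside a per-component walk using directory file descriptors and `O_NOFOLLOW` that has no gap to exploit. The directory layout, file names and the `_after_check` hook are constructed for the demonstration and stand in for the attacker's timing window.

```python
import errno
import os
import shutil
import tempfile


def naive_open_under_root(root, rel_path, flags, _after_check=None):
    """Check-then-use: realpath() resolves the name once, the prefix check
    passes, then a *second* syscall opens the same name again. A change to
    the path between the two steps (simulated by _after_check) goes unseen."""
    root_real = os.path.realpath(root)
    target = os.path.realpath(os.path.join(root, rel_path))
    if os.path.commonpath([root_real, target]) != root_real:
        raise PermissionError(f"{rel_path!r} resolves outside the mount root")
    if _after_check is not None:
        _after_check()  # constructed hook: the race window
    return os.open(target, flags, 0o600)  # racy: opens by name, not by checked object


def safe_open_under_root(root, rel_path, flags):
    """Walk one component at a time relative to a directory fd (openat()
    semantics) with O_NOFOLLOW. No symlink is ever followed and the fd we
    end up with *is* the object we checked, so there is no check/use gap."""
    parts = [p for p in rel_path.split("/") if p not in ("", ".")]
    if not parts or ".." in parts:
        raise PermissionError(f"{rel_path!r} is empty or contains '..'")
    dir_fd = os.open(root, os.O_RDONLY | os.O_DIRECTORY)
    try:
        for comp in parts[:-1]:
            try:
                nxt = os.open(comp, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW,
                              dir_fd=dir_fd)
            except OSError as e:
                if e.errno in (errno.ELOOP, errno.ENOTDIR):
                    raise PermissionError(f"{comp!r} is a symlink or not a directory") from e
                raise
            os.close(dir_fd)
            dir_fd = nxt
        try:
            return os.open(parts[-1], flags | os.O_NOFOLLOW, 0o600, dir_fd=dir_fd)
        except OSError as e:
            if e.errno == errno.ELOOP:
                raise PermissionError(f"{parts[-1]!r} is a symlink") from e
            raise
    finally:
        os.close(dir_fd)


def demo():
    """Constructed layout: root/sub/secret inside the sandbox root and
    outside/secret beyond it. Returns what each opener actually read."""
    base = tempfile.mkdtemp(prefix="confine-demo-")
    root = os.path.join(base, "root")
    outside = os.path.join(base, "outside")
    os.makedirs(os.path.join(root, "sub"))
    os.makedirs(outside)
    with open(os.path.join(outside, "secret"), "w") as f:
        f.write("OUTSIDE")
    with open(os.path.join(root, "sub", "secret"), "w") as f:
        f.write("INSIDE")

    def swap_sub_for_symlink():
        # The legitimate directory is moved away and a symlink to the
        # outside directory takes its name (constructed race step).
        os.rename(os.path.join(root, "sub"), os.path.join(base, "stash"))
        os.symlink(outside, os.path.join(root, "sub"))

    def read_via(opener, rel, **kw):
        try:
            fd = opener(root, rel, os.O_RDONLY, **kw)
        except PermissionError:
            return "refused"
        with os.fdopen(fd) as f:
            return f.read()

    results = {
        "naive_no_race": read_via(naive_open_under_root, "sub/secret"),
        "safe_no_race": read_via(safe_open_under_root, "sub/secret"),
        # The swap happens between the naive check and the naive open.
        "naive_raced": read_via(naive_open_under_root, "sub/secret",
                                _after_check=swap_sub_for_symlink),
        # 'sub' is now a symlink; the per-component walk refuses it.
        "safe_after_swap": read_via(safe_open_under_root, "sub/secret"),
        "safe_dotdot": read_via(safe_open_under_root, "../outside/secret"),
    }
    shutil.rmtree(base, ignore_errors=True)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:16s} -> {outcome}")
```

The naive opener passes its check and still reads the outside file once the swap lands in its window, which is the failure mode a sandbox mount root must not have. The per-component opener is the usual remedy: resolve relative to an already-opened directory descriptor, refuse symlinks with `O_NOFOLLOW`, reject `..` up front, and open the final file from the descriptor you just validated.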
Impact and Persistence
Once sensitive data is exposed, a third vulnerability allows non-owner loopback clients to impersonate an owner and gain elevated privileges. This gives the attacker control over gateway configuration, cron scheduling, and execution environment management. The final flaw in the chain allows the attacker to plant backdoors or make configuration changes that persist across reboots.
Cyera warns that successful exploitation could lead to data theft, privilege escalation, and long-term compromise of the host. The vulnerabilities collectively enable an attacker to establish a foothold, expose sensitive data, and maintain persistent control over the target system.
Source: The Hacker News
