clawdbot@2026.1.23 vulnerabilities

WhatsApp gateway CLI (Baileys web) with Pi RPC agent

  • latest version

    2026.1.24-3

  • first published

    1 month ago

  • latest version published

    17 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the clawdbot package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable version
    • H (high severity): Command Injection

    clawdbot is a WhatsApp gateway CLI (Baileys web) with Pi RPC agent

    Affected versions of this package are vulnerable to Command Injection via unsafe handling of the PATH environment variable when constructing shell commands. An authenticated user can execute arbitrary commands within the container context by supplying malicious environment variables. This may result in unauthorized access to the container filesystem, exposure of sensitive data, or further compromise of the container environment.

    Note: This is only exploitable if Docker sandbox mode is enabled.

    How to fix Command Injection?

    A fix was pushed into the master branch but not yet published.

    Vulnerable version: * (all versions)

    • H (high severity): Credential Exposure

    Affected versions of this package are vulnerable to Credential Exposure in the form of gateway query parameter hook tokens being sent in websocket responses. An attacker who convinces a user to follow a link carrying a malicious gatewayUrl value can extract the token, connect to the victim's local gateway, and perform arbitrary actions including code execution. The token is available to the attacker because the application automatically connects whenever it is provided a gateway URL.

    Note: Instances configured to listen on loopback only are also vulnerable, because the victim's browser initiates the outbound connection.

    How to fix Credential Exposure?

    A fix was pushed into the master branch but not yet published.

    Vulnerable version: * (all versions)