DenchClaw Caught Running Vulnerable openclaw Build With QMD Backend Access Control Bypass

A security audit of the DenchClaw project has uncovered that it relies on a vulnerable version of the openclaw dependency, placing the entire project under potential exposure to a critical path restriction bypass in its QMD backend. The flaw specifically affects the memory_get function, which normally should restrict file reads to canonical or indexed memory paths. Instead, the implementation permits reading arbitrary Markdown files within the workspace, potentially exposing sensitive configuration data, credentials, or internal documentation.

The vulnerability was identified during a dependency manifest scan and has been assigned a CVE identifier. The QMD backend, which handles Markdown processing within the openclaw ecosystem, fails to properly enforce access controls at the memory retrieval layer. This means an actor with the ability to trigger memory_get calls could circumvent workspace isolation and access files outside their intended scope. The DenchClaw project, which depends on openclaw for claw management and processing tasks, inherits this exposure by way of its direct dependency on the affected version.

Security researchers reviewing the finding have flagged the risk as significant for environments where workspace boundaries are meant to contain untrusted or semi-isolated processing tasks. Projects embedding DenchClaw or openclaw in CI/CD pipelines, developer tooling, or content management workflows could face unintended data exposure if the vulnerable code path is reached. Maintainers have been advised to audit their dependency trees, update to patched versions of openclaw where available, and apply compensating controls such as sandboxing and least-privilege process isolation until remediation is complete.