Security: sanitize inherited host exec env

src/agents/bash-tools.exec.path.test.ts

@@ -166,6 +166,29 @@ describe("exec host env validation", () => {
     ).rejects.toThrow(/Security Violation: Environment variable 'LD_DEBUG' is forbidden/);
   });
 
+  it("strips dangerous inherited env vars from host execution", async () => {
+    if (isWin) {
+      return;
+    }
+    const original = process.env.SSLKEYLOGFILE;
+    process.env.SSLKEYLOGFILE = "/tmp/openclaw-ssl-keys.log";
+    try {
+      const { createExecTool } = await import("./bash-tools.exec.js");
+      const tool = createExecTool({ host: "gateway", security: "full", ask: "off" });
+      const result = await tool.execute("call1", {
+        command: "printf '%s' \"${SSLKEYLOGFILE:-}\"",
+      });
+      const output = normalizeText(result.content.find((c) => c.type === "text")?.text);
+      expect(output).not.toContain("/tmp/openclaw-ssl-keys.log");
+    } finally {
+      if (original === undefined) {
+        delete process.env.SSLKEYLOGFILE;
+      } else {
+        process.env.SSLKEYLOGFILE = original;
+      }
+    }
+  });
+
   it("defaults to sandbox when sandbox runtime is unavailable", async () => {
     const tool = createExecTool({ security: "full", ask: "off" });