Session Handoff

Pass. Audited by VirusTotal on May 12, 2026.

Findings (1)

The OpenClaw AgentSkills skill bundle is designed for legitimate context management and handoff creation. However, the `scripts/validate_handoff.py` script contains a path traversal vulnerability. Specifically, the `check_file_references` function, which parses file paths out of a handoff document and tests whether each one exists, does not sanitize those paths: `../` sequences are passed through unchanged. A malicious handoff document can therefore probe for the existence of arbitrary files outside the project directory (e.g., `/etc/passwd`) on the agent's system. The impact is limited to an existence check rather than file contents, but it still constitutes an information disclosure vulnerability; the expected fix is to resolve each referenced path and reject any that does not fall under the project root before checking it.
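The following is an added illustration of the pattern described in the finding; it is not the skill's own `validate_handoff.py`, and the bullet-list reference format, the regex, and the function names are assumptions. It shows a `check_file_references`-style existence check that accepts `../` unchanged beside a hardened version that canonicalizes each path and confines it to the project root, then runs both over a constructed handoff document inside a temporary project tree:

```python
import os
import re
import tempfile
from pathlib import Path

# Constructed sample handoff document (hypothetical format, not the skill's).
# The last entry escapes the project directory via "../".
SAMPLE_HANDOFF = """\
## Files touched
- src/app.py
- docs/notes.md
- ../secret.txt
"""

# Assumed reference syntax: one "- path" bullet per line.
FILE_REF = re.compile(r"^\s*-\s+(\S+)\s*$", re.MULTILINE)


def extract_file_references(text):
    """Return the file paths listed in a handoff document."""
    return FILE_REF.findall(text)


def check_file_references_vulnerable(text, project_root):
    """Existence check that joins the reference onto the root without
    canonicalizing it, so "../" walks out of the project (the flaw the
    audit describes). Returns {ref: "present" | "missing"}."""
    results = {}
    for ref in extract_file_references(text):
        candidate = os.path.join(project_root, ref)
        results[ref] = "present" if os.path.exists(candidate) else "missing"
    return results


def check_file_references_hardened(text, project_root):
    """Same check, but each reference is resolved (collapsing ".." and
    following symlinks) and rejected unless it stays under the root.
    Returns {ref: "present" | "missing" | "rejected"}."""
    root = Path(project_root).resolve()
    results = {}
    for ref in extract_file_references(text):
        candidate = (root / ref).resolve()
        # Confinement check: the resolved path must be the root itself
        # or have the root among its ancestors.
        if candidate != root and root not in candidate.parents:
            results[ref] = "rejected"
            continue
        results[ref] = "present" if candidate.exists() else "missing"
    return results


def demo():
    """Build a throwaway project tree with a file outside it and run both
    checkers over SAMPLE_HANDOFF. Returns (vulnerable, hardened) results."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp).resolve()
        project = tmp / "project"
        (project / "src").mkdir(parents=True)
        (project / "src" / "app.py").write_text("print('hello')\n")
        # Sits one level above the project root; a validator should never
        # reveal whether it exists.
        (tmp / "secret.txt").write_text("outside the project\n")
        return (
            check_file_references_vulnerable(SAMPLE_HANDOFF, project),
            check_file_references_hardened(SAMPLE_HANDOFF, project),
        )


if __name__ == "__main__":
    vulnerable, hardened = demo()
    print("vulnerable:", vulnerable)
    print("hardened:  ", hardened)
```

The vulnerable variant reports `../secret.txt` as present, confirming to the document's author that a file outside the project exists; the hardened variant rejects it before touching the filesystem. Resolving with `Path.resolve()` rather than string-matching on `..` also handles symlinks that point outside the root.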