fix(auto-reply): resolve scp via PATH instead of hardcoded /usr/bin/scp (#78677)

MoerAI · MoerAI · commit 5c2b87f27a98 · 2026-05-07T21:01:00.000+09:00
stageRemoteFileIntoRoot -&gt; scpFile spawned /usr/bin/scp directly, which is POSIX-FHS-only and fails with ENOENT on Windows native (OpenSSH ships scp.exe outside /usr/bin), Homebrew/Nix prefixes, and any layout where scp lives elsewhere on PATH. Pass the bare command 'scp' so child_process.spawn resolves the OS-appropriate binary via PATH while keeping the existing BatchMode + StrictHostKeyChecking + '--' separator argv (no shell expansion, normalizeScpRemoteHost/normalizeScpRemotePath still guard host/path inputs, no widened attack surface). Adds a targeted regression test that asserts spawn is called with 'scp' (not '/usr/bin/scp') so a future revert reintroduces the cross-platform regression visibly.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -142,6 +142,7 @@ Docs: https://docs.openclaw.ai
 
 ### Fixes
 
+- Auto-reply/staging: spawn `scp` via PATH lookup instead of a hardcoded `/usr/bin/scp` path so remote inbound media staging works on Windows native (`OpenSSH\scp.exe`), Homebrew/Nix, and other non-FHS layouts. Fixes #78677.
 - Gateway/sessions: clear cached skills snapshots during `/new` and `sessions.reset` so long-lived channel sessions rebuild the visible skill list after skills change. (#78873) Thanks @Evizero.
 - fix(auto-reply): gate inline skill tool dispatch [AI]. (#78517) Thanks @pgondhi987.
 - Canvas plugin: keep legacy root `canvasHost` configs valid until `openclaw doctor --fix` migrates them into `plugins.entries.canvas.config.host`, move Canvas/A2UI clients to gateway protocol v4 plugin surfaces, and refresh the generated A2UI bundle hash so normal builds stay clean.
diff --git a/src/auto-reply/reply.stage-sandbox-media.scp-remote-path.test.ts b/src/auto-reply/reply.stage-sandbox-media.scp-remote-path.test.ts
@@ -117,4 +117,35 @@ describe("stageSandboxMedia scp remote paths", () => {
       }
     });
   });
+
+  it("invokes scp via PATH instead of a hardcoded /usr/bin/scp absolute path (#78677)", async () => {
+    await withSandboxMediaTempHome("openclaw-triggers-", async (home) => {
+      const { cfg, workspaceDir, sessionKey } = createRemoteStageParams(home);
+      const remotePath = "/Users/demo/Library/Messages/Attachments/ab/cd/photo.jpg";
+      const { ctx, sessionCtx } = createRemoteContexts(remotePath);
+      childProcessMocks.spawn.mockImplementation(() => {
+        // Stop before any actual ssh handshake. We only assert spawn argv.
+        throw new Error("stop before scp");
+      });
+
+      await stageSandboxMedia({
+        ctx,
+        sessionCtx,
+        cfg,
+        sessionKey,
+        workspaceDir,
+      });
+
+      // OpenSSH lives outside `/usr/bin` on Windows native (typically
+      // `C:\\Windows\\System32\\OpenSSH\\scp.exe`) and on Homebrew/Nix-based
+      // macOS/Linux installs. The fix routes through PATH lookup by passing
+      // the bare command name `scp` so `child_process.spawn` resolves the
+      // OS-appropriate binary instead of failing with `ENOENT` on a hardcoded
+      // FHS path.
+      expect(childProcessMocks.spawn).toHaveBeenCalled();
+      const command = childProcessMocks.spawn.mock.calls[0]?.[0];
+      expect(command).toBe("scp");
+      expect(command).not.toBe("/usr/bin/scp");
+    });
+  });
 });
diff --git a/src/auto-reply/reply/stage-sandbox-media.ts b/src/auto-reply/reply/stage-sandbox-media.ts
@@ -318,8 +318,14 @@ async function scpFile(remoteHost: string, remotePath: string, localPath: string
     throw new Error("invalid remote path for SCP");
   }
   return new Promise((resolve, reject) => {
+    // Resolve `scp` via PATH so OpenSSH installs that live outside `/usr/bin`
+    // (Windows OpenSSH, Homebrew, Nix, custom prefixes) can stage remote
+    // attachments. The argv (BatchMode + StrictHostKeyChecking + `--` separator)
+    // already prevents shell-injection, so PATH lookup does not widen the
+    // attack surface beyond what the surrounding `normalizeScpRemote*` helpers
+    // already guard. (#78677)
     const child = spawn(
-      "/usr/bin/scp",
+      "scp",
       [
         "-o",
         "BatchMode=yes",
