diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 005483a3f68..fa4d0b3b1b0 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -748,6 +748,11 @@ jobs:
         continue-on-error: true
         run: pnpm run lint:extensions:channels
 
+      - name: Run bundled extension lint
+        id: extension_bundled_lint
+        continue-on-error: true
+        run: pnpm run lint:extensions:bundled
+
       - name: Enforce safe external URL opening policy
         id: no_raw_window_open
         continue-on-error: true
@@ -791,6 +796,7 @@ jobs:
           EXTENSION_PLUGIN_SDK_INTERNAL_BOUNDARY_OUTCOME: ${{ steps.extension_plugin_sdk_internal_boundary.outcome }}
           EXTENSION_RELATIVE_OUTSIDE_PACKAGE_BOUNDARY_OUTCOME: ${{ steps.extension_relative_outside_package_boundary.outcome }}
           EXTENSION_CHANNEL_LINT_OUTCOME: ${{ steps.extension_channel_lint.outcome }}
+          EXTENSION_BUNDLED_LINT_OUTCOME: ${{ steps.extension_bundled_lint.outcome }}
           NO_RAW_WINDOW_OPEN_OUTCOME: ${{ steps.no_raw_window_open.outcome }}
           CONTROL_UI_I18N_OUTCOME: ${{ steps.control_ui_i18n.outcome == 'skipped' && 'success' || steps.control_ui_i18n.outcome }}
           GATEWAY_WATCH_REGRESSION_OUTCOME: ${{ steps.gateway_watch_regression.outcome }}
@@ -813,6 +819,7 @@ jobs:
             "extension-plugin-sdk-internal-boundary|$EXTENSION_PLUGIN_SDK_INTERNAL_BOUNDARY_OUTCOME" \
             "extension-relative-outside-package-boundary|$EXTENSION_RELATIVE_OUTSIDE_PACKAGE_BOUNDARY_OUTCOME" \
             "lint:extensions:channels|$EXTENSION_CHANNEL_LINT_OUTCOME" \
+            "lint:extensions:bundled|$EXTENSION_BUNDLED_LINT_OUTCOME" \
             "lint:ui:no-raw-window-open|$NO_RAW_WINDOW_OPEN_OUTCOME" \
             "ui:i18n:check|$CONTROL_UI_I18N_OUTCOME" \
             "gateway-watch-regression|$GATEWAY_WATCH_REGRESSION_OUTCOME"; do
diff --git a/package.json b/package.json
index 32d59e053ed..714948ab774 100644
--- a/package.json
+++ b/package.json
@@ -1068,6 +1068,7 @@
     "lint:auth:pairing-account-scope": "node scripts/check-pairing-account-scope.mjs",
     "lint:docs": "pnpm dlx markdownlint-cli2",
     "lint:docs:fix": "pnpm dlx markdownlint-cli2 --fix",
+    "lint:extensions:bundled": "node scripts/run-bundled-extension-oxlint.mjs",
     "lint:extensions:channels": "node scripts/run-extension-channel-oxlint.mjs",
     "lint:extensions:no-plugin-sdk-internal": "node scripts/check-extension-plugin-sdk-boundary.mjs --mode=plugin-sdk-internal",
     "lint:extensions:no-relative-outside-package": "node scripts/check-extension-plugin-sdk-boundary.mjs --mode=relative-outside-package",
diff --git a/scripts/run-bundled-extension-oxlint.mjs b/scripts/run-bundled-extension-oxlint.mjs
new file mode 100644
index 00000000000..b44eaa08401
--- /dev/null
+++ b/scripts/run-bundled-extension-oxlint.mjs
@@ -0,0 +1,88 @@
+import { spawnSync } from "node:child_process";
+import fs from "node:fs";
+import os from "node:os";
+import path from "node:path";
+import {
+  acquireLocalHeavyCheckLockSync,
+  applyLocalOxlintPolicy,
+} from "./lib/local-heavy-check-runtime.mjs";
+
+const repoRoot = process.cwd();
+const oxlintPath = path.resolve("node_modules", ".bin", "oxlint");
+const releaseLock = acquireLocalHeavyCheckLockSync({
+  cwd: repoRoot,
+  env: process.env,
+  toolName: "oxlint-bundled-extensions",
+  lockName: "oxlint-bundled-extensions",
+});
+
+const tempDir = fs.mkdtempSync(path.join(os.tmpdir(), "openclaw-bundled-extension-oxlint-"));
+const tempConfigPath = path.join(tempDir, "oxlint.json");
+
+try {
+  const extensionFiles = collectTypeScriptFiles(path.resolve(repoRoot, "extensions"));
+
+  if (extensionFiles.length === 0) {
+    console.error("No bundled extension files found.");
+    process.exit(1);
+  }
+
+  writeTempOxlintConfig(tempConfigPath);
+
+  const baseArgs = ["-c", tempConfigPath, ...process.argv.slice(2), ...extensionFiles];
+  const { args: finalArgs, env } = applyLocalOxlintPolicy(baseArgs, process.env);
+  const result = spawnSync(oxlintPath, finalArgs, {
+    stdio: "inherit",
+    env,
+    shell: process.platform === "win32",
+  });
+
+  if (result.error) {
+    throw result.error;
+  }
+
+  process.exit(result.status ?? 1);
+} finally {
+  fs.rmSync(tempDir, { recursive: true, force: true });
+  releaseLock();
+}
+
+function writeTempOxlintConfig(configPath) {
+  const config = JSON.parse(fs.readFileSync(path.resolve(repoRoot, ".oxlintrc.json"), "utf8"));
+
+  delete config.$schema;
+
+  if (Array.isArray(config.ignorePatterns)) {
+    config.ignorePatterns = config.ignorePatterns.filter((pattern) => pattern !== "extensions/");
+    if (config.ignorePatterns.length === 0) {
+      delete config.ignorePatterns;
+    }
+  }
+
+  fs.writeFileSync(configPath, `${JSON.stringify(config, null, 2)}\n`, "utf8");
+}
+
+function collectTypeScriptFiles(directoryPath) {
+  const entries = fs.readdirSync(directoryPath, { withFileTypes: true });
+  const files = [];
+
+  for (const entry of entries.toSorted((a, b) => a.name.localeCompare(b.name))) {
+    const entryPath = path.join(directoryPath, entry.name);
+    if (entry.isDirectory()) {
+      files.push(...collectTypeScriptFiles(entryPath));
+      continue;
+    }
+
+    if (!entry.isFile()) {
+      continue;
+    }
+
+    if (!entry.name.endsWith(".ts") && !entry.name.endsWith(".tsx")) {
+      continue;
+    }
+
+    files.push(path.relative(repoRoot, entryPath).split(path.sep).join("/"));
+  }
+
+  return files;
+}