[mh2266]

> “did they patch this RCE,”

no, they documented it

https://docs.openclaw.ai/gateway/security#node-execution-sys...

[g947o]

So that's shifting the responsibility to users. And likely many users tools don't understand what those words mean.

All these companies/projects break decades of our security practice and sell you AI browser, AI agent for... I don't know what?

[vulnwrecker5000]

"productivity and optimization of your life" i guess? lol

[vulnwrecker5000]

yeah fair, but “documented” isn’t really a mitigation... most people are gonna run defaults, so defaults basically are the security model imo

[mh2266]

I'm not saying that "well we stated that our tool is designed as an RCE exploit" is, uh, better

[vulnwrecker5000]

haha fair "we've designed a fully exploitable agent and we can't wait to share it with the world" :')