|
|
|
|
|
|
by veganmosfet
115 days ago
|
|
|
I experimented with OpenClaw (using opus4.6 and gpt5.2) and found this interesting way to get silent Remote Code Execution via email when using Gmail pub/sub Hook, exploiting prompt injection (out of scope from the security policy of OpenClaw) and insecure plugin design (properly documented as such). Works only with the full Gmail pub/sub hook. If your agent uses gogcli without the webhook, it is not affected. Main issue: OpenClaw injects untrusted content in user messages instead of using the tool channel (less authoritative) when using the Gmail webhook. Original links: https://veganmosfet.codeberg.page/posts/2026-02-02-openclaw_... https://veganmosfet.codeberg.page/posts/2026-02-15-openclaw_... |
|
|