BrokenClaw – RCE in OpenClaw via Gmail Hook(veganmosfet.codeberg.page)
veganmosfet.codeberg.page
BrokenClaw – RCE in OpenClaw via Gmail Hook
https://veganmosfet.codeberg.page/posts/2026-02-02-openclaw_mail_rce/
https://veganmosfet.codeberg.page/posts/2026-02-02-openclaw_mail_rce/
Main issue: OpenClaw injects untrusted content in user messages instead of using the tool channel (less authoritative) when using the Gmail webhook.
Original links:
https://veganmosfet.codeberg.page/posts/2026-02-02-openclaw_...
https://veganmosfet.codeberg.page/posts/2026-02-15-openclaw_...