Yet another "OpenClaw is insecure" post!
I found this simple but elegant way to get silent RCE via email, exploiting prompt injection (despite countermeasures, there is no silver bullet) and insecure plugin handling (not skills!). I try to explain how it works and some ideas about hardening.
Note: prompt injection attacks are out-of-scope in the security policy.
Happy to get feedback.
veganmosfet|21 days ago