OpenClaw Twitch Plugin Authorization Bypass Vulnerability

Vulnerability

A vulnerability exists in the OpenClaw Twitch plugin, in versions from 2026.1.29 up to but not including 2026.2.1, due to improper enforcement of the allowFrom allowlist. When allowedRoles is unset or empty, the plugin defaults to allowing all users, so the allowFrom allowlist is never enforced. Any Twitch user can trigger this simply by mentioning the bot in chat. This bypasses the intended access controls and invokes the agent dispatch pipeline, potentially leading to unintended actions or resource exhaustion.
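The fail-open check described above, as an added illustration in TypeScript that is not OpenClaw's own code: the vulnerable form treats an empty allowedRoles as "allow everyone" and never consults allowFrom, while the hardened form fails closed. All names (ChatMessage, AccessConfig, the sample user IDs) are assumptions constructed for the example.

```typescript
// Illustrative reconstruction of the access check (not OpenClaw's code).
// All types, function names and sample values are constructed for this example.

interface ChatMessage {
  userId: string;        // Twitch user ID of the sender (constructed)
  roles: string[];       // roles the sender holds, e.g. "moderator"
  mentionsBot: boolean;  // whether the message mentions the bot
}

interface AccessConfig {
  allowFrom?: string[];     // explicit allowlist of user IDs
  allowedRoles?: string[];  // roles allowed regardless of allowFrom
}

// Vulnerable form: an unset or empty allowedRoles short-circuits to "allow all",
// so the allowFrom allowlist below is unreachable in that configuration.
function isAllowedVulnerable(msg: ChatMessage, cfg: AccessConfig): boolean {
  if (!msg.mentionsBot) return false;
  const roles = cfg.allowedRoles ?? [];
  if (roles.length === 0) return true; // BUG: defaults open
  if (msg.roles.some((r) => roles.includes(r))) return true;
  return (cfg.allowFrom ?? []).includes(msg.userId);
}

// Hardened form: an empty allowedRoles grants nothing. Access requires an
// allowlisted user ID or an explicitly allowed role; with neither configured
// the check fails closed.
function isAllowedFixed(msg: ChatMessage, cfg: AccessConfig): boolean {
  if (!msg.mentionsBot) return false;
  const roles = cfg.allowedRoles ?? [];
  const allowFrom = cfg.allowFrom ?? [];
  if (allowFrom.includes(msg.userId)) return true;
  return msg.roles.some((r) => roles.includes(r));
}

// Constructed sample: allowFrom is set, allowedRoles is left empty.
const sampleConfig: AccessConfig = { allowFrom: ["12345"], allowedRoles: [] };
const outsider: ChatMessage = { userId: "99999", roles: [], mentionsBot: true };
const insider: ChatMessage = { userId: "12345", roles: [], mentionsBot: true };

// Detection aid for operators: a config review should flag this combination
// on affected versions, since it silently behaves as "allow everyone".
function configIsFailOpen(cfg: AccessConfig): boolean {
  const roles = cfg.allowedRoles ?? [];
  return roles.length === 0 && (cfg.allowFrom ?? []).length > 0;
}
```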

Impact

Exploitation of this vulnerability allows unauthorized Twitch users to bypass access controls and invoke the agent dispatch pipeline. This could result in unintended actions or responses from the bot, and could consume system resources or incur costs associated with the actions taken.

Reproduction

To reproduce this vulnerability, install and enable the Twitch plugin for OpenClaw. Then configure an allowFrom list with specific user IDs, but leave the allowedRoles setting unset or empty. From a Twitch account not included in the allowFrom list, send a message mentioning the bot. The bot processes the message and triggers agent dispatch even though the user is not allowlisted.

Remediation

Users can upgrade to OpenClaw version 2026.2.1 or later to address this vulnerability.

Added: Mar 5, 2026, 10:46 PM
Updated: Mar 5, 2026, 10:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.3
exploitability: 5.8
remediation: 0.0
relevance: 3.5
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.