OpenClaw Identity Spoofing Vulnerability in ACP Permission Resolution

Vulnerability

A vulnerability allowing identity spoofing has been identified in OpenClaw versions prior to 2026.3.22. This issue arises in the ACP permission resolution process, which improperly trusts conflicting tool identity hints from rawInput parameters and metadata. As a result, attackers can manipulate tool identities to bypass security prompts related to dangerous tools, effectively circumventing established safety measures.

Impact

Exploitation of this vulnerability can lead to unauthorized suppression of security prompts, allowing potentially harmful tools to be used without appropriate oversight or warning.

Reproduction

The vulnerability can be reproduced by sending a rawInput parameter that conflicts with the tool identity metadata. Invoking a tool that is classified as dangerous while spoofing a different identity through the rawInput bypasses the security prompts normally associated with such tools.
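The defensive pattern the fix implies is a resolver that refuses to pick a winner when the two identity hints disagree. The following is an added example, not OpenClaw's own code: the field names (rawInput.tool, metadata.toolName), the DANGEROUS_TOOLS set and the Resolution shape are assumptions standing in for the real ACP structures.

```typescript
// Added example, not OpenClaw's own code. Names (rawInput.tool, metadata.toolName,
// DANGEROUS_TOOLS) are assumptions standing in for the real ACP structures.
interface ToolCall {
  metadata?: { toolName?: unknown };
  rawInput?: { tool?: unknown; [key: string]: unknown };
}

interface Resolution {
  toolName: string | null;   // identity the permission layer will act on
  requiresPrompt: boolean;   // true = show the dangerous-tool confirmation
  reason: string;            // suitable for an audit log line
}

// Constructed list of tools that must always be confirmed before running.
const DANGEROUS_TOOLS: ReadonlySet<string> = new Set(["shell.exec", "fs.delete"]);

function normalizeName(value: unknown): string | null {
  if (typeof value !== "string") return null;
  const name = value.trim().toLowerCase();
  return name === "" ? null : name;
}

function resolveToolIdentity(call: ToolCall): Resolution {
  const fromMetadata = normalizeName(call.metadata?.toolName);
  const fromRawInput = normalizeName(call.rawInput?.tool);

  // Conflicting hints: never let one silently win. Fail closed and prompt.
  if (fromMetadata !== null && fromRawInput !== null && fromMetadata !== fromRawInput) {
    return {
      toolName: null,
      requiresPrompt: true,
      reason: `conflicting identity hints (metadata=${fromMetadata}, rawInput=${fromRawInput})`,
    };
  }

  // rawInput is caller-controlled; metadata is the authoritative hint when present.
  const toolName = fromMetadata ?? fromRawInput;
  if (toolName === null) {
    return { toolName: null, requiresPrompt: true, reason: "no tool identity available" };
  }

  const dangerous = DANGEROUS_TOOLS.has(toolName);
  return {
    toolName,
    requiresPrompt: dangerous,
    reason: dangerous ? "tool is on the dangerous list" : "tool is not on the dangerous list",
  };
}
```

The `reason` string on a conflict is worth logging: a burst of mismatched identity hints is the detection signal for attempts to exercise this bug.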

Remediation

Users can update to OpenClaw version 2026.3.22 or later to address this vulnerability.

Added: Apr 10, 2026, 6:23 PM
Updated: Apr 10, 2026, 6:23 PM

Vulnerability Rating

Custom Algorithm

spread:         0.0
impact:         2.5
exploitability: 7.7
remediation:    0.0
relevance:      5.6
threat:         4.8
urgency:        2.9
incentive:      0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.