Student contributes two security patches to OpenClaw production system

Two security vulnerabilities identified and fixed
A student developer recently contributed two security patches to the OpenClaw production ecosystem, both of which were manually merged into live releases.
Gateway 'fail-open' vulnerability (PR #29198)
The first issue was a "fail-open" vulnerability where plugin HTTP routes were "wide open by default." The developer described it as: "if a developer didn't manually lock a door, it was just... open."
The fix involved refactoring the Gateway logic to implement a strict "deny-by-default" stance. This patch touched the core auth middleware for the entire system, which prevented automatic merging. The fix was manually landed on the main branch by @Steipete and shipped as part of the v2026.3.1 release.
Tabnabbing vulnerability in chat images (PR #18685)
The second vulnerability was a classic tabnabbing issue in chat images, where "a malicious site could potentially hijack your session." The developer implemented three security measures to address this:
- Added
noopener - Added
noreferrer - Forced
opener = nullto kill the window reference
This fix was released in v2026.2.24.
Manual merge process
Both patches required manual merging rather than automatic merging due to their impact on core systems. The gateway fix specifically required manual intervention because it affected the core authentication middleware.
The developer noted that seeing their code go live through a manual merge "felt like such a massive level-up" and provided confidence that student contributions can meaningfully impact production security.
📖 Read the full source: r/openclaw
👀 See Also

Practical Security Practices for OpenClaw Agents
A Reddit post outlines specific security practices for OpenClaw users, including scheduled commands for updates and audits, managing agent access in shared channels, and securing API keys and skills.

Sieve: Local Secret Scanner for AI Coding Tool Chat Histories
Sieve scans Cursor, Claude Code, Copilot, and other AI coding assistant chat histories for leaked API keys and tokens. All scanning is local, with redaction and macOS Keychain vault.

ClawGuard: Open-Source Security Gateway for OpenClaw API Credential Protection
ClawGuard is a security gateway that sits between AI agents and external APIs, using dummy credentials on the agent machine while storing real tokens separately. It provides Telegram approval for sensitive calls and maintains an audit trail of requests.

OpenClaw Security Breach: 42,000 Instances Exposed
OpenClaw experienced a significant security failure exposing 42,000 instances with 341 malicious skills. The rapid response involved creating AgentVault, a security proxy.