GHSA-3CW3-5VXW-G2H3 OpenClaw: CLI Remote Onboarding Persists Unauthenticated Discovery Endpoint and Exfiltrates Gateway Credentials
Summary Remote onboarding accepted discovered gateway endpoints without an explicit trust confirmation before persisting the remote URL and connection details. Impact A malicious or spoofed discovery endpoint could steer onboarding toward an attacker-controlled gateway and capture future gateway...