GHSA-6RMX-GVVG-VH6J OpenClaw's hooks count non-POST requests toward auth lockout
OpenClaw's hooks HTTP handler counted hook authentication failures before rejecting unsupported HTTP methods. An unauthenticated client could send repeated non-POST requests for example GET with an invalid token to consume the hook auth failure budget and trigger the temporary lockout window for...