GHSA-2CH6-X3G4-7759 OpenClaw's commands.allowFrom sender authorization accepted conversation identifiers via ctx.From
Summary commands.allowFrom is documented as a sender authorization allowlist for commands/directives, but command authorization could include ctx.From conversation identity as a sender candidate. When commands.allowFrom contained conversation-like identifiers for example Discord channel: or...