GHSA-2RQG-GJGV-84JM OpenClaw: Gateway `agent` calls could override the workspace boundary
Summary The public gateway agent RPC allowed an authenticated operator with operator.write to supply attacker-controlled spawnedBy and workspaceDir values. That let the caller re-root the agent run outside its configured workspace boundary. Impact A non-owner operator could escape the intended...