OpenClaw has Signal group allowlist authorization bypass via DM pairing-store leakage
Summary In OpenClaw 2026.2.25, Signal group authorization under groupPolicy=allowlist could accept sender identities sourced from DM pairing-store approvals. This allowed DM pairing approvals to leak into group allowlist evaluation. Impact This is an authorization-boundary weakness between DM...