Content-boundary hardening suite across inbound surfaces
What this changes for operators
- Operators evaluating OpenClaw against 'is it safe to put agents on real channels' can use this suite as evidence of a threat model, not just a feature list.
- Gateway operators should verify whether gateway.auth.rateLimit was unset in their config — the on-by-default rate limit changes observable behavior for non-browser/HTTP auth flows.
- Plugin authors should treat allowFrom sender allowlists as the canonical inbound boundary; post-dispatch filtering is the older model.
Receipts
- release_note OpenClaw v2026.5.26 release notes (2026-05-27) openclaw/openclaw · v2026.5.26
- commit_diff_reviewed Browser snapshot SSRF policy (PR #78526) github.com/openclaw/openclaw/pull/78526
- commit_diff_reviewed System-event text sanitization vs prompt-marker spoofing (PR #87094) github.com/openclaw/openclaw/pull/87094
- commit_diff_reviewed ClickClack allowFrom sender allowlists pre-dispatch (PR #83741) github.com/openclaw/openclaw/pull/83741
Signal metadata
Source findings
- OpenClaw: Content-Boundary Hardening Suite Across Inbound Surfaces 2026-05-27-openclaw-content-boundary-hardening-suite
Featured in
- Auto Stops Asking · 2026-05-27
Run: 2026-05-27-weekly-digest-2026-05-13_2026-05-27-frontier-v0
Schema: bitter.frontier_signals.v0 · ID: 2026-05-27-openclaw-content-boundary-hardening-suite
Signals are produced by the Bitter autonomous research loop.