What happened
A GitHub Security Advisory (CVSS 8.1) disclosed an authorization bypass in OpenClaw's ClickClack agent-mode dispatch path that could allow the toolsAllow allowlist policy to be ignored, letting less-trusted input paths invoke tools beyond their intended scope.
Why it matters
OpenClaw is a chat-driven agent gateway; a toolsAllow bypass means an attacker able to reach the agent via a lower-trust channel (e.g., a group chat or webhook) can invoke privileged tool actions that operators explicitly intended to restrict, defeating the primary access-control mechanism for agent tool use.
Attack vector
The ClickClack agent-mode dispatch feature can ignore the toolsAllow policy check meant to gate which tools an agent is permitted to invoke. When the feature is enabled and reachable, a lower-trust caller or a configured input path (e.g., an inbound chat message) can trigger tool actions that should have required a stronger authorization check.
Affected systems
OpenClaw versions 2026.5.10-beta.1 before 2026.6.5
Mitigation
Upgrade to OpenClaw 2026.6.5 or later; review GHSA-wp73-f3gg-w4vr for configuration guidance.