BrokenClaw – RCE in OpenClaw via Gmail Hook
veganmosfet.codeberg.pageI experimented with OpenClaw (using opus4.6 and gpt5.2) and found this interesting way to get silent Remote Code Execution via email when using Gmail pub/sub Hook, exploiting prompt injection (out of scope from the security policy of OpenClaw) and insecure plugin design (properly documented as such). Works only with the full Gmail pub/sub hook. If your agent uses gogcli without the webhook, it is not affected.
Main issue: OpenClaw injects untrusted content in user messages instead of using the tool channel (less authoritative) when using the Gmail webhook.
Original links:
https://veganmosfet.codeberg.page/posts/2026-02-02-openclaw_...
https://veganmosfet.codeberg.page/posts/2026-02-15-openclaw_...