Openclaw · Openclaw · CVE-2026-26320
**Name of the Vulnerable Software and Affected Versions**
OpenClaw versions 2026.2.6 through 2026.2.13
**Description**
The OpenClaw macOS desktop client registers the `openclaw://` URL scheme. For `openclaw://agent` deep links lacking an unattended `key`, the application displays a confirmation dialog. In the affected versions, this dialog showed only the first 240 characters of the message but executed the complete message upon user confirmation. An attacker could exploit this by padding the message with whitespace to conceal a malicious payload beyond the visible preview, potentially leading a user to approve an unintended action. If a user executes the deep link, the agent may perform actions that could result in arbitrary command execution, depending on the user's configured tool approvals and allowlists. This is a social-engineering-mediated issue in which the confirmation prompt may misrepresent the message that will be executed. The vulnerable component is the confirmation prompt for `openclaw://agent` deep links.
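The following is an added illustration, not OpenClaw's own code (the advisory does not show it): the truncated-preview behaviour described above next to a hardened confirmation-preview design. The function names `hardened_preview`, `preview_hides_content`, `may_execute` and the sample messages are assumptions constructed for this example.

```python
import re
import unicodedata

PREVIEW_LIMIT = 240  # truncation length described in the advisory


def vulnerable_preview(message: str) -> str:
    """Pre-2026.2.14 behaviour as the advisory describes it: the dialog shows
    only the first 240 characters, yet the full message is executed."""
    return message[:PREVIEW_LIMIT]


def preview_hides_content(message: str, limit: int = PREVIEW_LIMIT) -> bool:
    """Detection check: is there any non-whitespace text past the preview
    window?  True means the naive preview would misrepresent the message."""
    return message[limit:].strip() != ""


def hardened_preview(message: str, limit: int = PREVIEW_LIMIT) -> dict:
    """What a confirmation dialog should derive from the message before
    anything runs.  Assumed design, not the project's actual fix:
    - drops invisible format characters (zero-width spaces etc.)
    - collapses every run of Unicode whitespace to one space, so padding
      cannot push later text out of the visible window
    - flags truncation explicitly, so the caller can refuse to run until
      the user has expanded and seen the whole message."""
    visible = "".join(ch for ch in message if unicodedata.category(ch) != "Cf")
    collapsed = re.sub(r"\s+", " ", visible).strip()
    truncated = len(collapsed) > limit
    shown = collapsed[:limit] + (" [... truncated]" if truncated else "")
    return {
        "shown": shown,
        "truncated": truncated,
        "executed_len": len(message),
        "executed": message,  # the exact text that would run, for comparison
    }


def may_execute(message: str, user_confirmed: bool, saw_full_text: bool) -> bool:
    """Gate: run only if the user confirmed AND either nothing was truncated
    or the user explicitly expanded the full text."""
    info = hardened_preview(message)
    return user_confirmed and (not info["truncated"] or saw_full_text)
```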
**Recommendations**
Upgrade to OpenClaw version 2026.2.14 or later.
Do not approve unexpected "Run OpenClaw agent?" prompts triggered while browsing untrusted sites.
Use unattended deep links only with a valid `key` for trusted personal automations.