Davidluzsilva

**Name of the Vulnerable Software and Affected Versions** OpenClaw versions prior to 2026.3.31 **Description** A fail-open issue exists in the plugin installation flow where security scan failures do not block the installation process. This allows attackers to install untrusted plugins if operators choose to proceed despite visible scan warnings. **Recommendations** Update to version 2026.3.31.

**Name of the Vulnerable Software and Affected Versions** OpenClaw versions prior to 2026.3.31 **Description** An authentication bypass exists where unauthenticated 'plugin-auth' HTTP routes are granted operator runtime write scopes. This allows unauthorized users to access these routes and perform privileged runtime actions intended for authorized operators. **Recommendations** Update to version 2026.3.31 or later.