The manual Chutes OAuth login flow could accept attacker-controlled callback input in a way that bypassed OAuth CSRF state validation, potentially resulting in credential substitution.

If an attacker can convince a user to paste attacker-provided OAuth callback data during the manual login prompt, OpenClaw may exchange an attacker-obtained authorization code and persist tokens for the wrong Chutes account.

The automatic local callback flow is not affected (it validates state in the local HTTP callback handler).

The manual flow now requires the full redirect URL (must include code and state), validates the returned state against the expected value, and rejects code-only pastes.

Thanks @aether-ai-agent for reporting.