PT-2026-25487 — Insufficiently Protected Credentials in Npm Openclaw

PT-2026-25487 · Npm · Openclaw

Published

2026-03-03

Updated

2026-03-03

CVSS v4.0

2.1

Low

Vector

AV:L/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Vulnerability

OpenClaw reused gateway.auth.token (and gateway.remote.token) as a fallback hash secret for owner-ID prompt obfuscation when commands.ownerDisplay=hash and commands.ownerDisplaySecret was unset.

This created secret dual-use between gateway authentication and prompt metadata hashing.

Impact

Auth-secret dual-use across security domains (gateway auth and prompt metadata hashing).
Hash outputs are visible to third-party model providers in system prompts.
No direct plaintext token disclosure.
Practical risk is highest when operators use weak gateway tokens and leave owner hash secret unset.

Affected Packages / Versions

Package: openclaw (npm)
Latest affected published version: 2026.2.21-2
Vulnerable range: <= 2026.2.21-2
Patched version (planned next release): 2026.2.22

Affected Components

src/agents/cli-runner/helpers.ts
src/agents/pi-embedded-runner/run/attempt.ts
src/agents/pi-embedded-runner/compact.ts

Remediation

Added a shared owner-display resolver and secret-generation helper.
Removed fallback to gateway.auth.token and gateway.remote.token.
Auto-generates and persists a dedicated commands.ownerDisplaySecret when hash mode is enabled and secret is missing.

Fix Commit(s)

c99e7696e6893083b256f0a6c88fb060f3a76fb7

Release Process Note

patched versions is pre-set to the planned next release (2026.2.22). Once npm release 2026.2.22 is published, this advisory only needs to be published.

OpenClaw thanks @aether-ai-agent for reporting.

Fix

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-522

Related Identifiers

GHSA-V6X2-2QVM-6GV8

Affected Products

Openclaw