According to this[1] your statement that practical risk was low is not accurate.
> The attacker acquires an account or session with operator.pairing scope. On the 63% of exposed OpenClaw instances running without authentication, this step requires no credentials at all — the attacker connects and is assigned base pairing rights.
If that's accurate, then this statement:
> This was a privilege-escalation bug, but not "any random Telegram/Discord message can instantly own every OpenClaw instance."
...is only true for the 37% of authenticated OpenClaw instances.
I'm sure it's extremely stressful and embarrassing to face the prospect that your work created a widespread, significant vulnerability. As another software engineer and a human I empathize with the discomfort of that position. But respectfully, you should put your energy into addressing this and communicating honestly about what happened and the severity, not in attempting to save face and PR damage control. You will be remembered much better for the former.
EDIT: more from the source[2]
> The problem: 63% of the 135,000+ publicly exposed OpenClaw instances run without any authentication layer, according to a 2026 security researcher scan. On these deployments, any network visitor can request pairing access and obtain operator.pairing scope without providing a username or password. The authentication gate that is supposed to slow down CVE-2026-33579 does not exist.
> This is the intersection that makes this vulnerability particularly dangerous in practice. The CVSS vector already rates it PR:L (Privileges Required: Low) rather than PR:N — but on 63% of deployed instances, "low privilege" is functionally equivalent to "no privilege."
Please make your substantive points without crossing into personal attack. Your comment would be fine but for the paragraph in the middle where it does that.
Be kind. Don't be snarky. Converse curiously; don't cross-examine. Edit out swipes.
Comments should get more thoughtful and substantive, not less, as a topic gets more divisive.
Please don't fulminate. Please don't sneer.
Please don't post shallow dismissals, especially of other people's work. A good critical comment teaches us something.
The guidelines still apply, even if you feel negatively towards a project and its creator. Indeed it's even more important to make the effort to heed the guidelines for topics you feel negatively towards (after all, it's easy to be respectful about things we feel positively towards).
I'm critical of OpenClaw and even the author to some extent, but I prefer to have nuanced and compartmentalized conversations, on a thread about a specific vulnerability, it's much more productive to talk about the specific vulnerability rather than OpenClaw as a whole. Otherwise we would only have generic OpenClaw conversations and we would only be saying the same thing.
The comment could have been more substantive but it isn't generic or tangential. Discussing a vulnerability ultimately means discussing the failures of process that allowed it to be shipped. Especially with these application-level logic bugs that static analyzers can't generally find, the most productive outcome (after the vulnerability is fixed) is to discuss what process changes we can make to avoid shipping the next vulnerability. I'm sure there's hardening that can be done in OpenClaw but the premise of OpenClaw is to integrate many different services - it has a really large attack surface, only so much can be done to mitigate that, so it's critical to create code review processes that catch these issues.
OpenClaw is probably entering a phase of it's life where prototype-grade YOLO processes (like what the tweet describes) aren't going to cut it anymore. That's not really a criticism, the product's success has over vaulted it's maturity, which is a fortunate problem to have.
Your comment is obviously against the rules, but I read it as: Why are people not more careful? This is some unknown, app, with unknown, unvetted depths, and you only like it because other people say it's shiny and AI. It made you giddy, and you forgot that giving a tool permissions is an invitation to hackers. Well, you went ahead and ignored all common sense, and here we are.
If you're running OpenClaw, you already threw security and reliability out the window by running LLMs on the command line. It's a bit late to start worrying now.
That razor is poorly understood. It’s not malice if it can be explained by stupidity. In this case it’s not explained by stupidity, as the guy who made OpenClaw is very smart. Therefore, it can only be malice.
In this case I'd say that it was made not to enable that, but in total disregard of its realistic uses and risks. In a sense this is less... deliberate poisoning, and more doing a bad job cutting heroin with fentanyl for distribution. Yeah the result is the same, but the cause is negligence to the point of parody rather than outright malice.
I guess this is the era of no shame. I know people should realize this project is inherently insecure and that it’s likely you will get hacked if you use it. But why is the creator not even taking any accountability whatsoever —- especially after all the bragging he’s done about shipping fast and not reading any of the code his agents generate?
Please don't break the site guidelines, regardless of how wrong someone is or you feel they are.
You're right about em dashes of course (https://news.ycombinator.com/item?id=47154752) but being right on a point does not make it ok to attack another user or violate the rules of the site.
Please don't start generic flamewars on HN or impugn people who take an opposing view to yours. Both these vectors lead to tedious, unenlightening threads.
There's plenty of rage to go around on literally every divisive topic, and it's not the place we want discussions to come from here.
"Eschew flamebait. Avoid generic tangents."
"Comments should get more thoughtful and substantive, not less, as a topic gets more divisive."
There are other users in this very thread using inflammatory language to attack this paper and those who find the paper compelling. One user says, quote: “You just can't reason with the anti-LLM group.”
In light of this, why was my comment - which was in large part a reaction to the behavior of the users described above - the only one called out here?
Note that Yggdrasil Linux/GNU/X (https://news.ycombinator.com/item?id=43923380) is unrelated to this project. That project is a GNU/Linux distro; this is a userspace overlay network.
[[attacking project creators when they show up to discuss their work is particularly harmful; please don't ever do that here]]
[[[if you posted any of these, we'd appreciate it if you'd please review https://news.ycombinator.com/newsguidelines.html and stick to the rules from now on]]]
reply