BrokenClaw - RCE in OpenClaw via Gmail Hook (Security Research)
Security research documenting a zero-click RCE in OpenClaw via the Gmail pub/sub hook. Attack chain: malicious email → prompt injection → the agent clones a malicious .openclaw repo → gateway restart → the malicious plugin executes → reverse shell. Only affects users with the full Gmail pub/sub webhook enabled (not gogcli users). Tested on versions 2026.2.2-3 through 2026.2.21-2 with both GPT5.2 and Opus4.6. Why we added it: critical security advisory; if you use the Gmail webhook, you need to read this.
Details
Related Resources
OpenClaw Integration Guide
Using OpenRouter as LLM provider with OpenClaw for model flexibility
How to Deploy OpenClaw on Vultr
Docker Compose on Ubuntu 24.04 with Serverless Inference
Official OpenClaw Documentation (docs.openclaw.ai)
The official documentation hub for OpenClaw. Comprehensive reference covering installation methods, configuration options, channel setup (WhatsApp, Telegram, Discord, etc.), node pairing, skills development, troubleshooting, and advanced features. Your go-to resource for technical details and official guidance.