CVE-2026-33579: OpenClaw 2026.3.28 (or later) will also address a CVSS 9.9 token rotation race condition flaw allowing full admin access and remote code execution (9th April 2026)

Preface: Unlike ChatGPT, which is a conversational chatbot, OpenClaw is designed to act. It receives a high-level goal, breaks it down into structured tasks, calls APIs, executes shell commands, and iterates until the objective is complete.

Installing OpenClaw (formerly ClawdBot) alongside an OpenAI model on a smartphone that already has WhatsApp aims to deliver autonomous, proactive, and secure personal AI assistance directly within the messaging interface.

Background: OpenClaw’s primary design objective is to transition AI from a passive, conversational interface into a proactive, action-oriented autonomous agent that can independently execute multi-step workflows across a user’s local operating system and external cloud services.

It is architected as an “AI Gateway” or agent runtime rather than a standalone model, serving as the “hands” for an artificial brain by connecting large language models (LLMs) to real-world tools, files, and messaging platforms.

Older versions of OpenClaw might have stored permissions in a “sticky” historical field (the legacy role fields). Without a check that derives a principal’s effective permissions only from its current, active tokens, and never from that legacy field:

•You might revoke an agent’s access in the new dashboard.

•The system might see “no active tokens” and accidentally “fall back” to old settings.

•The agent would regain access you intended to take away.

Vulnerability details: OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the /pair approve command path, which fails to forward the caller’s scopes into the core approval check. A caller with pairing privileges but without admin privileges can therefore approve pending device requests that ask for broader scopes, including admin access, by exploiting the missing scope validation in extensions/device-pair/index[.]ts and src/infra/device-pairing[.]ts. The missing check is simple to state: every scope a pending request asks for must already be held by the caller who approves it.
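The two failure modes described above, the legacy-role fallback that resurrects revoked access and the /pair approve path that never sees the approver’s scopes, as one added TypeScript example. This is illustrative code written for this page, not OpenClaw’s own code: every name in it (Scope, Caller, PendingRequest, Principal, approvePairingVulnerable, approvePairing, effectiveScopesWithFallback, effectiveScopes) is an assumption, and the sample callers, requests and tokens are constructed.

```typescript
// Added illustration, not OpenClaw's code. All types and function names here are
// assumptions for the example; the affected modules on the page are
// extensions/device-pair/index.ts and src/infra/device-pairing.ts.

type Scope = "pair" | "read" | "write" | "admin";

interface Caller {
  id: string;
  scopes: Scope[];
}

interface PendingRequest {
  id: string;
  deviceId: string;
  requestedScopes: Scope[];
}

interface ApprovalResult {
  ok: boolean;
  granted: Scope[];
  reason: string;
}

// ---- Vulnerable shape: the command layer checks only "may this caller pair?"
// and then calls into the core approval with no record of who is approving.
function coreApproveWithoutCallerScopes(req: PendingRequest): ApprovalResult {
  // The core has nothing to compare against, so it grants whatever was asked for.
  return { ok: true, granted: [...req.requestedScopes], reason: "approved (no scope check)" };
}

function approvePairingVulnerable(caller: Caller, req: PendingRequest): ApprovalResult {
  if (!caller.scopes.includes("pair")) {
    return { ok: false, granted: [], reason: "caller lacks pair scope" };
  }
  return coreApproveWithoutCallerScopes(req); // caller.scopes is never forwarded
}

// ---- Hardened shape: the caller's scopes travel with the request and the
// core refuses to mint any scope the approver does not itself hold.
function coreApprove(callerScopes: Scope[], req: PendingRequest): ApprovalResult {
  const excess = req.requestedScopes.filter((s) => !callerScopes.includes(s));
  if (excess.length > 0) {
    return { ok: false, granted: [], reason: `approver cannot grant: ${excess.join(", ")}` };
  }
  return { ok: true, granted: [...req.requestedScopes], reason: "approved" };
}

function approvePairing(caller: Caller, req: PendingRequest): ApprovalResult {
  if (!caller.scopes.includes("pair")) {
    return { ok: false, granted: [], reason: "caller lacks pair scope" };
  }
  return coreApprove(caller.scopes, req);
}

// ---- Legacy-role fallback. Effective scopes must come only from active tokens;
// falling back to a sticky legacy role quietly undoes a revocation.
interface Token {
  id: string;
  scopes: Scope[];
  revoked: boolean;
}

interface Principal {
  id: string;
  legacyRole?: "admin" | "user"; // historical field that must not be authoritative
  tokens: Token[];
}

const LEGACY_ADMIN_SCOPES: Scope[] = ["pair", "read", "write", "admin"];

function uniq(xs: Scope[]): Scope[] {
  return xs.filter((x, i) => xs.indexOf(x) === i);
}

function activeScopes(p: Principal): Scope[] {
  const active = p.tokens.filter((t) => !t.revoked);
  return uniq(active.reduce<Scope[]>((acc, t) => acc.concat(t.scopes), []));
}

function effectiveScopesWithFallback(p: Principal): Scope[] {
  const scopes = activeScopes(p);
  if (scopes.length === 0 && p.legacyRole === "admin") {
    return [...LEGACY_ADMIN_SCOPES]; // bug: "no active tokens" re-grants the old role
  }
  return scopes;
}

function effectiveScopes(p: Principal): Scope[] {
  return activeScopes(p); // revoked tokens contribute nothing, legacy role is ignored
}

// Constructed sample data for a stand-alone run.
const pairer: Caller = { id: "pairing-operator", scopes: ["pair", "read"] };
const adminRequest: PendingRequest = { id: "req-1", deviceId: "phone-1", requestedScopes: ["read", "admin"] };
const revokedAgent: Principal = {
  id: "agent-7",
  legacyRole: "admin",
  tokens: [{ id: "tok-1", scopes: ["admin"], revoked: true }],
};

console.log(approvePairingVulnerable(pairer, adminRequest)); // ok: true, granted includes "admin"
console.log(approvePairing(pairer, adminRequest)); // ok: false, approver cannot grant admin
console.log(effectiveScopesWithFallback(revokedAgent)); // ["pair", "read", "write", "admin"]
console.log(effectiveScopes(revokedAgent)); // []
```

The point of the hardened approvePairing is that the scope comparison lives in the core, not in the command wrapper: any other entry point that reaches coreApprove must also supply the approver’s scopes, so a forgotten argument becomes a compile error rather than a silent grant.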

Official announcement: Please refer to link for details –

https://nvd.nist.gov/vuln/detail/CVE-2026-33579
