Product
A high-severity vulnerability (GHSA-c29c-2q9c-pc86) in OpenClaw's handling of Slack's `allowFrom` feature could allow an attacker to gain unintended agent access by manipulating their Slack display name metadata to match a policy entry, especially in configurations where the affected feature is enabled and reachable.