Skip to content

Mitigation: T-EXEC-001/T-EXEC-002 Instruction-Layer Challenge-Response Authentication#6

Open
vinjafam-eng wants to merge 2 commits intoopenclaw:mainfrom
vinjafam-eng:main
Open

Mitigation: T-EXEC-001/T-EXEC-002 Instruction-Layer Challenge-Response Authentication#6
vinjafam-eng wants to merge 2 commits intoopenclaw:mainfrom
vinjafam-eng:main

Conversation

@vinjafam-eng
Copy link

@vinjafam-eng vinjafam-eng commented Feb 18, 2026

Adds a mitigation for T-EXEC-001 (Critical) and T-EXEC-002 (High), satisfying R-003.

This proposes a concrete, deployable pattern for instruction-layer challenge-response authentication that any OpenClaw operator can adopt today via AGENTS.md — no code changes required.

Key properties:

  • Requires a shared secret (security token) before any sensitive operation proceeds
  • Enforced even when the user explicitly requests the action
  • Blocks indirect prompt injection: malicious content from emails or webpages still hits the token wall — the token must come from the live session
  • 3-strike lockout prevents brute force
  • Works with 1Password or local credentials file

vinjafam-eng and others added 2 commits February 18, 2026 00:26
@vinjafam-eng
Create T-EXEC-001-challenge-response-auth.md
b051050
@vinjafam-eng @sidwpdev
feat(mitigations): expand challenge-response auth with AGENTS.md snip…
cda0868 
…pet and limitations

Expands the mitigation with:
- Detailed key properties table
- Reference AGENTS.md implementation snippet (copy-paste ready)
- Limitations section (T-ACCESS-003 plaintext context, instruction-layer caveats)
- Structured problem/gap framing

Co-authored-by: Siddhartha V <sidwpdev@outlook.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@vinjafam-eng

Comments