
Mitigation: T-EXEC-001/T-EXEC-002 Instruction-Layer Challenge-Response Authentication#6

Open
vinjafam-eng wants to merge 2 commits into openclaw:main from vinjafam-eng:main

Conversation

@vinjafam-eng

Adds a mitigation for T-EXEC-001 (Critical) and T-EXEC-002 (High), satisfying R-003.

This proposes a concrete, deployable pattern for instruction-layer challenge-response authentication that any OpenClaw operator can adopt today via AGENTS.md — no code changes required.

Key properties:

  • Requires a shared secret (security token) before any sensitive operation proceeds
  • Enforced even when the user explicitly requests the action
  • Blocks indirect prompt injection: malicious content from emails or webpages still hits the token wall — the token must come from the live session
  • 3-strike lockout prevents brute force
  • Works with 1Password or local credentials file
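The gate the description outlines, written out as an added Python example that is not code from this PR or from the openclaw project: a sensitive action proceeds only when the shared secret arrives from the live user session, content ingested from tools (email, web) can never satisfy the check, and three bad attempts lock the gate. The secret value, the list of sensitive actions and the `source` field on messages are assumptions of the example.

```python
"""Instruction-layer challenge-response gate for an agent's sensitive actions.

Added example, not the PR's or openclaw's own code. The secret, the
SENSITIVE_ACTIONS set and the Message.source field are constructed here.
"""
import hashlib
import hmac
from dataclasses import dataclass

MAX_STRIKES = 3  # lockout threshold described in the PR
# Constructed list of operations that must be gated behind the token.
SENSITIVE_ACTIONS = {"send_email", "transfer_funds", "delete_files"}


@dataclass
class Message:
    source: str  # "user" = live session input; "tool" = fetched email/web content
    text: str


@dataclass
class TokenGate:
    secret: str  # shared secret; in practice loaded from 1Password or a credentials file
    strikes: int = 0
    locked: bool = False

    def _matches(self, candidate: str) -> bool:
        # Compare digests in constant time so a wrong guess leaks no timing signal.
        a = hashlib.sha256(candidate.encode()).digest()
        b = hashlib.sha256(self.secret.encode()).digest()
        return hmac.compare_digest(a, b)

    def authorize(self, action: str, msg: Message) -> str:
        """Return 'allow', 'deny' or 'locked' for the requested action."""
        if action not in SENSITIVE_ACTIONS:
            return "allow"  # non-sensitive work needs no token
        if self.locked:
            return "locked"
        # The token must come from the live session. Text that arrived via a tool
        # result (indirect prompt injection) is rejected outright and, because it
        # cannot succeed anyway, does not count as a brute-force strike.
        if msg.source != "user":
            return "deny"
        if self._matches(msg.text.strip()):
            self.strikes = 0
            return "allow"
        self.strikes += 1
        if self.strikes >= MAX_STRIKES:
            self.locked = True
            return "locked"
        return "deny"
```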

vinjafam-eng and others added 2 commits February 18, 2026 00:26
…pet and limitations

Expands the mitigation with:
- Detailed key properties table
- Reference AGENTS.md implementation snippet (copy-paste ready)
- Limitations section (T-ACCESS-003 plaintext context, instruction-layer caveats)
- Structured problem/gap framing

Co-authored-by: Siddhartha V <sidwpdev@outlook.com>