According to this[1] your statement that practical risk was low is not accurate.
> The attacker acquires an account or session with operator.pairing scope. On the 63% of exposed OpenClaw instances running without authentication, this step requires no credentials at all — the attacker connects and is assigned base pairing rights.
If that's accurate, then this statement:
> This was a privilege-escalation bug, but not "any random Telegram/Discord message can instantly own every OpenClaw instance."
...is only true for the 37% of authenticated OpenClaw instances.
I'm sure it's extremely stressful and embarrassing to face the prospect that your work created a widespread, significant vulnerability. As another software engineer and a human I empathize with the discomfort of that position. But respectfully, you should put your energy into addressing this and communicating honestly about what happened and the severity, not in attempting to save face and PR damage control. You will be remembered much better for the former.
EDIT: more from the source[2]
> The problem: 63% of the 135,000+ publicly exposed OpenClaw instances run without any authentication layer, according to a 2026 security researcher scan. On these deployments, any network visitor can request pairing access and obtain operator.pairing scope without providing a username or password. The authentication gate that is supposed to slow down CVE-2026-33579 does not exist.
> This is the intersection that makes this vulnerability particularly dangerous in practice. The CVSS vector already rates it PR:L (Privileges Required: Low) rather than PR:N — but on 63% of deployed instances, "low privilege" is functionally equivalent to "no privilege."
Please make your substantive points without crossing into personal attack. Your comment would be fine but for the paragraph in the middle where it does that.
Be kind. Don't be snarky. Converse curiously; don't cross-examine. Edit out swipes.
Comments should get more thoughtful and substantive, not less, as a topic gets more divisive.
Please don't fulminate. Please don't sneer.
Please don't post shallow dismissals, especially of other people's work. A good critical comment teaches us something.
The guidelines still apply, even if you feel negatively towards a project and its creator. Indeed it's even more important to make the effort to heed the guidelines for topics you feel negatively towards (after all, it's easy to be respectful about things we feel positively towards).
Thanks for explaining, is this mostly about replying directly to the person involved in the project? Compared to e.g. a comment in a thread about OpenClaw without replying directly to the creator? Just trying to figure out where the line is, I do think snark is a valid form of criticism sometimes but it's your house after all.
That comment would be a guidelines breach on HN, whether or not it was in reply to the project creator. It gives off just the kind of negativity that HN has always aimed to avoid. Even if we don't always succeed in avoiding it, the guidelines represent an ideal that we work to uphold every day.
> Just trying to figure out where the line is
It's not really about a line, it's about the qualitative style of discussion we’re here for. HN is for people who like to build things and work on interesting new projects, and have curious conversations about what they're building. Projects that are new and built in different ways than what has come before will always be easy to criticise from a position of conformity to historical conventions, but if we all thought that way, nothing new would ever be built.
> I do think snark is a valid form of criticism sometimes
Not on HN. Thoughtful criticism is fine, and the very first two words of the “In Comments” section of the guidelines are “be kind”.
> but it's your house after all
That's not how we think about it. We’re custodians of this place and our role is to keep it a healthy place for discussion among intellectually curious hackers. It takes daily work and effort to uphold the guidelines and keep the standards up so that it doesn’t become the hellscape of negativity that it's often stereotyped as being.
For me I think this veers dangerously close to tone policing. I don't think you have to always be extremely civil in the face of what you consider moral bankruptcy. But I can also understand that it creates a vicious cycle so I can appreciate your position here.
Thanks for the discussion and (partially) understanding :)
The use of terms like “moral bankruptcy” is exactly what the guidelines ask us to avoid, indeed explicitly so with the phrase “Assume good faith”.
Part of the challenge of participating on HN is to be able to come into contact with people who see and do things differently (including building software projects in a way that's different from the way we consider proper) and find a way to recognize that they are still acting in good faith and deserving of basic courtesy.
I'm critical of OpenClaw and even the author to some extent, but I prefer to have nuanced and compartmentalized conversations, on a thread about a specific vulnerability, it's much more productive to talk about the specific vulnerability rather than OpenClaw as a whole. Otherwise we would only have generic OpenClaw conversations and we would only be saying the same thing.
The comment could have been more substantive but it isn't generic or tangential. Discussing a vulnerability ultimately means discussing the failures of process that allowed it to be shipped. Especially with these application-level logic bugs that static analyzers can't generally find, the most productive outcome (after the vulnerability is fixed) is to discuss what process changes we can make to avoid shipping the next vulnerability. I'm sure there's hardening that can be done in OpenClaw but the premise of OpenClaw is to integrate many different services - it has a really large attack surface, only so much can be done to mitigate that, so it's critical to create code review processes that catch these issues.
OpenClaw is probably entering a phase of it's life where prototype-grade YOLO processes (like what the tweet describes) aren't going to cut it anymore. That's not really a criticism, the product's success has over vaulted it's maturity, which is a fortunate problem to have.
If you're running OpenClaw, you already threw security and reliability out the window by running LLMs on the command line. It's a bit late to start worrying now.
Your comment is obviously against the rules, but I read it as: Why are people not more careful? This is some unknown, app, with unknown, unvetted depths, and you only like it because other people say it's shiny and AI. It made you giddy, and you forgot that giving a tool permissions is an invitation to hackers. Well, you went ahead and ignored all common sense, and here we are.
There are many "right" ways to read my comment. Reading it says more about reader than the writer.
And yes, most probably I violated some spoken/unspoken rules and ready to bear consequences.
--
Common sense abotu security has shifted significantly. You're (me including) with out common sense of security are in minority today. We're uncommon. Wait till people start questioning such stance.
--
I just was reading docs on plugin for toddlywiki which makes gives it multiuser support and lan accessibility. The level of awarness of the risks of opening your tw server (i't like 5-ish years ago) to LAN is almost read like a satire from where we're today.
That razor is poorly understood. It’s not malice if it can be explained by stupidity. In this case it’s not explained by stupidity, as the guy who made OpenClaw is very smart. Therefore, it can only be malice.
In this case I'd say that it was made not to enable that, but in total disregard of its realistic uses and risks. In a sense this is less... deliberate poisoning, and more doing a bad job cutting heroin with fentanyl for distribution. Yeah the result is the same, but the cause is negligence to the point of parody rather than outright malice.
I guess this is the era of no shame. I know people should realize this project is inherently insecure and that it’s likely you will get hacked if you use it. But why is the creator not even taking any accountability whatsoever —- especially after all the bragging he’s done about shipping fast and not reading any of the code his agents generate?
[[attacking project creators when they show up to discuss their work is particularly harmful; please don't ever do that here]]
[[[if you posted any of these, we'd appreciate it if you'd please review https://news.ycombinator.com/newsguidelines.html and stick to the rules from now on]]]