From 17c9d550e9e1b6b9d7bf5a843020ab06531e795e Mon Sep 17 00:00:00 2001 From: Peter Steinberger Date: Sun, 22 Feb 2026 08:21:48 +0100 Subject: [PATCH] docs: clarify sessionKey trust boundary in security policy --- SECURITY.md | 1 + 1 file changed, 1 insertion(+) diff --git a/SECURITY.md b/SECURITY.md index 4b51daeaa73..4c7162ecd0a 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -57,6 +57,7 @@ OpenClaw security guidance assumes: - The host where OpenClaw runs is within a trusted OS/admin boundary. - Anyone who can modify `~/.openclaw` state/config (including `openclaw.json`) is effectively a trusted operator. - A single Gateway shared by mutually untrusted people is **not a recommended setup**. Use separate gateways (or at minimum separate OS users/hosts) per trust boundary. +- Authenticated Gateway callers are treated as trusted operators. Session identifiers (for example `sessionKey`) are routing controls, not per-user authorization boundaries. ## Plugin Trust Boundary
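Review bot: The added bullet under "OpenClaw security guidance assumes:" says session identifiers are "routing controls, not per-user authorization boundaries" but does not state the practical consequence for operators or reporters. If the intent is that any authenticated Gateway caller may reach any session, say so directly, for example by noting that knowing or guessing a `sessionKey` does not cross a trust boundary. It would also help to cross-reference the preceding bullet (separate gateways, or at minimum separate OS users/hosts, per trust boundary) as the way to isolate mutually untrusted users. "Authenticated" is also undefined in this hunk. A short pointer to where Gateway authentication is described would make the assumption checkable.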