fix(security): restore trusted plugin runtime exec default

2026-03-12 07:20:45 +00:00 · 2026-02-19 16:01:22 +01:00
parent 8288702f51
commit 2e421f32df
9 changed files with 17 additions and 84 deletions
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -49,6 +49,14 @@ When patching a GHSA via `gh api`, include `X-GitHub-Api-Version: 2022-11-28` (o
 - Using OpenClaw in ways that the docs recommend not to
 - Prompt injection attacks

+## Plugin Trust Boundary
+
+Plugins/extensions are loaded **in-process** with the Gateway and are treated as trusted code.
+
+- Plugins can execute with the same OS privileges as the OpenClaw process.
+- Runtime helpers (for example `runtime.system.runCommandWithTimeout`) are convenience APIs, not a sandbox boundary.
+- Only install plugins you trust, and prefer `plugins.allow` to pin explicit trusted plugin ids.
+
 ## Operational Guidance

 For threat model + hardening guidance (including `openclaw security audit --deep` and `--fix`), see: