Source-grounded rewrite of 529 published docs pages with per-unit information-loss verification: 1,713 factual corrections cited to src/**, generated surfaces regenerated, frontmatter titles preserved for i18n, release notes pages untouched. All docs gates green. Closes #100141
4.3 KiB
summary, title, read_when
| summary | title | read_when | ||
|---|---|---|---|---|
| How to contribute to the OpenClaw threat model | Contributing to the threat model |
|
The threat model is a living document. Contributions are welcome from anyone; you do not need security or MITRE ATLAS background.
This is for adding to the threat model, not reporting live vulnerabilities. If you found an exploitable vulnerability, follow the responsible-disclosure instructions on the [Trust page](https://trust.openclaw.ai) instead.Ways to contribute
Add a threat. Open an issue on openclaw/trust describing the attack scenario in your own words. Helpful but not required:
- The attack scenario and how it could be exploited.
- Which components are affected (CLI, gateway, channels, ClawHub, MCP servers, etc.).
- Your estimate of severity (low / medium / high / critical).
- Links to related research, CVEs, or real-world examples.
Maintainers assign the ATLAS mapping, threat ID, and risk level during review.
Suggest a mitigation. Open an issue or PR referencing the threat. Be specific and actionable: "per-sender rate limiting of 10 messages/minute at the gateway" is more useful than "implement rate limiting."
Propose an attack chain. Attack chains show how multiple threats combine into a realistic scenario. Describe the steps and how an attacker would chain them; a short narrative beats a formal template.
Fix or improve existing content. Typos, clarifications, outdated info, better examples: PRs welcome, no issue needed.
Framework reference
Threats are mapped to MITRE ATLAS (Adversarial Threat Landscape for AI Systems), a framework for AI/ML-specific threats like prompt injection, tool misuse, and agent exploitation. You do not need to know ATLAS to contribute; maintainers map submissions during review.
Threat IDs. Each threat gets an ID like T-EXEC-003, assigned by maintainers during review.
| Code | Category |
|---|---|
| RECON | Reconnaissance - information gathering |
| ACCESS | Initial access - gaining entry |
| EXEC | Execution - running malicious actions |
| PERSIST | Persistence - maintaining access |
| EVADE | Defense evasion - avoiding detection |
| DISC | Discovery - learning about the environment |
| EXFIL | Exfiltration - stealing data |
| IMPACT | Impact - damage or disruption |
Risk levels. If you are unsure about the level, just describe the impact; maintainers assess it.
| Level | Meaning |
|---|---|
| Critical | Full system compromise, or high likelihood + critical impact |
| High | Significant damage likely, or medium likelihood + critical impact |
| Medium | Moderate risk, or low likelihood + high impact |
| Low | Unlikely and limited impact |
Review process
- Triage - new submissions are reviewed within 48 hours.
- Assessment - maintainers verify feasibility, assign ATLAS mapping and threat ID, validate risk level.
- Documentation - formatting and completeness pass.
- Merge - added to the threat model and visualization.
Resources
Contact
- Security vulnerabilities: Trust page for reporting instructions, or
security@openclaw.ai. - Threat model questions: open an issue on openclaw/trust.
- General chat: Discord
#securitychannel.
Recognition
Contributors to the threat model are recognized in the threat model acknowledgments, release notes, and the OpenClaw security hall of fame for significant contributions.