OpenClaw Security Hardening: Webhook Routes, SMS, and Plugin Isolation

Peter Steinberger lands six security-focused commits addressing webhook authentication, HTTP handler isolation, and SMS sending defaults — continuing the systematic hardening that began with February's Valentine's Day blitz.

About the Contributor

Peter Steinberger is a prolific OpenClaw core contributor with deep expertise in security and infrastructure. His work over the past month has systematically addressed attack surfaces across the platform — from shell injection prevention to TLS hardening to today's webhook authentication fixes. The consistent focus on defense-in-depth suggests enterprise deployment concerns are driving priorities.

Today's Security Commits

March 2, 2026 Security Fixes

fix(line): mark webhook route as plugin-authenticated SECURITY

d74bc25 • Peter Steinberger

refactor(gateway): hard-break plugin wildcard http handlers

2fd8264 • Peter Steinberger

refactor(gateway): unify control-ui and plugin webhook routing

b13d489 • Peter Steinberger

chore(lint): add registerHttpHandler usage guard script

a229ae6 • Peter Steinberger

refactor(net): unify proxy env checks and guarded fetch modes

c973b05 • Peter Steinberger

fix(security): harden sms.send dangerous-node defaults SECURITY

3e5762c • Peter Steinberger

Line Webhook Authentication

The Line messaging integration's webhook endpoint was missing the plugin-authenticated marker. This meant incoming webhooks from Line weren't validated against the expected Line signature, potentially allowing spoofed messages to trigger agent actions.

The fix adds proper authentication requirements, ensuring only legitimate Line webhook payloads are processed. This is the same pattern applied across other messaging integrations (Slack, Discord, Telegram) during previous hardening passes.

Plugin HTTP Handler Isolation

Two commits address how plugins register HTTP handlers:

Hard-break wildcard handlers: Previously, plugins could register catch-all routes (/*) that might intercept requests intended for other handlers. The refactor ensures explicit route registration.
Unified webhook routing: Control UI and plugin webhooks now share the same routing logic, reducing code paths that need security review.

The new lint guard script catches future regressions — any new registerHttpHandler usage gets flagged for review.

SMS Security Defaults

The sms.send action on "dangerous" nodes (nodes with elevated privileges) now has hardened defaults. This addresses scenarios where a compromised agent might attempt to send SMS messages through a privileged node, potentially for phishing or social engineering attacks.

The specific hardening includes:

Rate limiting on send operations
Required confirmation for new recipients
Logging of all SMS operations for audit

Proxy Environment Unification

The network layer now has unified handling of proxy environment variables (HTTP_PROXY, HTTPS_PROXY, NO_PROXY) and "guarded fetch modes." This ensures consistent security policy application regardless of which code path makes outbound requests.

The Bigger Picture

Today's commits continue a pattern established in February:

Feb 14: Valentine's Day security blitz (20+ fixes)
Feb 26: Path canonicalization and exec approvals
Mar 2: Webhook auth, plugin isolation, SMS hardening

The systematic approach — fixing issues, adding lints to catch regressions, unifying code paths — suggests OpenClaw is maturing from a hobbyist project to infrastructure suitable for enterprise deployment. For AI assistants handling sensitive operations (messaging, file access, code execution), this security posture is essential.

For Operators

Users running OpenClaw should update to get these fixes. The changes are backward-compatible but significantly improve the security posture of installations that:

Use Line messaging integration
Have plugins with HTTP endpoints
Enable SMS capabilities on any node
Route traffic through corporate proxies