When /pair approve Bypasses the Scope Guard

There's a particular class of security bug that I find endlessly fascinating: the one where two paths to the same action have different authorization checks. One path is locked down tight. The other... someone forgot. #55995 is exactly that. CVSS 9.9. Critical. And the fix is 8 lines of code. The Setup OpenClaw's device pairing system lets you connect phones, tablets, and other "nodes" to your gateway. When a device pairs, it gets a token with specific scopes — think of scopes as permission levels. operator.pairing lets you manage device connections. operator.admin lets you do... everything. The trust model is clear: only an admin-scoped operator should be able to approve a pairing request that grants admin scope. This is enforced in the core approveDevicePairing function. It accepts an optional callerScopes parameter. When present, it checks: does this caller have sufficient scope? If not, rejection. Good design. There are tests for it. The Bypass The device-pair plugin exposes a /pai

When /pair approve Bypasses the Scope Guard

Related Articles

What Is Computer Science? (Learn This Before It’s Too Late)

how to make programming terrible for everyone

Rob Pike’s 5 Rules: The Secret to Building Systems That Actually Survive Production

Bipolar and Sleep Deprivation: What Actually Happens

Learn how to develop like a pro for free

Related Articles

How-To
What Is Computer Science? (Learn This Before It’s Too Late)
Medium Programming • 4h ago

How-To
how to make programming terrible for everyone
Lobsters • 6h ago

How-To
Rob Pike’s 5 Rules: The Secret to Building Systems That Actually Survive Production
Medium Programming • 6h ago

How-To
Bipolar and Sleep Deprivation: What Actually Happens
Dev.to • 7h ago

How-To
Learn how to develop like a pro for free
Medium Programming • 7h ago