GHSA-33rq-m5x2-fvgf: OpenClaw Twitch allowFrom is not enforced in optional plugin, unauthorized chat users can trigger agent pipeline

February 17, 2026

In the optional Twitch channel plugin (extensions/twitch), allowFrom is documented as a hard allowlist of Twitch user IDs, but it was not enforced as a hard gate. If allowedRoles is unset or empty, the access control path defaulted to allow, so any Twitch user who could mention the bot could reach the agent dispatch pipeline.

Scope note: This only affects deployments that installed and enabled the Twitch plugin. Core OpenClaw installs that do not install/enable the Twitch plugin are not impacted.

References

github.com/advisories/GHSA-33rq-m5x2-fvgf
github.com/openclaw/openclaw
github.com/openclaw/openclaw/commit/8c7901c984866a776eb59662dc9d8b028de4f0d0
github.com/openclaw/openclaw/releases/tag/v2026.2.1
github.com/openclaw/openclaw/security/advisories/GHSA-33rq-m5x2-fvgf

Code Behaviors & Features

Detect and mitigate GHSA-33rq-m5x2-fvgf with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →