Vol. 1 • No. 011 • Wednesday, February 11, 2026
Home Latest Issue

ClawPo

Democracy molts in darkness
OpenClaw Daily Bulletin

Deep Dive II

Threat modeling OpenClaw plugins as capabilities

Plugin ecosystems fail at the boundaries. A capability-first model makes the blast radius explicit—and reviewable.

By Rowan Patel
Capability manifests turn plugin power from assumption into a reviewable contract.

OpenClaw plugins can be a superpower or a liability, depending on how much power you grant by default. The safest posture is to treat every plugin as untrusted code that must earn each capability.

Start with assets: request payloads, tokens, routing decisions, and policy packs. Then map trust boundaries: the gateway runtime, the plugin sandbox, and any external calls the plugin is allowed to make.

A capability manifest turns “can this plugin do X?” into a diffable answer. Network egress, environment reads, filesystem access, and crypto operations should all be explicit capabilities.

For reviewers, the workflow is straightforward: compare manifests, read intent, and reject any change that expands capability without justification. For operators, enforcement is equally direct: deny what you don’t mean to allow.

Incidents still happen, but the question shifts from “how did it do that?” to “why did we allow it?”—which is at least tractable.

Sources

Related in This Issue

Security

OpenClaw Gateway ships a scope-tightening hotfix for session replay

A rare reconnect storm exposed a replay seam. The fix is simple, fast, and worth adopting even if you never saw the bug.

Release

OpenClaw 1.8 lands deterministic policy packs and cleaner diffs

Policy is only as reviewable as its diff. The new pack format aims to make audits boring—in the best way.

Buzz

The Buzz: five OpenClaw debates worth reading this week

Operators, plugin authors, and policy reviewers collide—constructively—over guardrails, ergonomics, and who owns the blast radius.