Security: Status endpoint exposes sensitive internal information

Summary

The status and health RPC methods expose detailed internal information including file system paths, session IDs, and agent configurations without requiring elevated permissions.

Affected Code

Status Summary: src/commands/status.summary.ts

export function getStatusSummary(): StatusSummary {
  return {
    paths: { ... },           // Internal file system paths
    sessionId: ...,           // Session hijacking risk
    agentId: ...,             // Agent enumeration
    model: ...,               // Model configuration
    channelSummary: ...,      // Bot presence info
  };
}

Authorization: src/gateway/server-methods.ts

• status method requires only operator.read scope (minimal)
• operator.read is the default scope for all authenticated connections

Analysis

1. Any authenticated user with minimal scope can call status
2. Response includes:
   • Internal file paths (reveals deployment structure)
   • Session IDs (potential for session enumeration/hijacking)
   • Agent IDs and configurations
   • Channel configurations and bot presence information
3. No permission check for individual data fields
4. No option to limit data exposure

Exposed Data Examples

{
  "sessions": {
    "paths": ["/home/user/.openclaw/sessions"],
    "recent": [
      {
        "sessionId": "abc123...",
        "agentId": "agent-main",
        "key": "session-key-here"
      }
    ]
  },
  "channelSummary": {
    "telegram": { "botName": "...", "status": "connected" }
  }
}

Impact

• Information disclosure aids reconnaissance
• Session IDs could enable session hijacking attacks
• Path disclosure reveals deployment details
• Agent enumeration possible

Suggested Mitigation

1. Tier the response based on scope:

   • operator.read: Basic health info only (uptime, version)
   • operator.admin: Full status details

2. Redact sensitive fields from non-admin responses:

   • Session IDs → Show count only
   • Paths → Omit or hash
   • Keys → Never expose

3. Add audit logging for status endpoint access

Example Implementation

// src/commands/status.summary.ts
export function getStatusSummary(scope: string[]): StatusSummary {
  const isAdmin = scope.includes("operator.admin");

  return {
    version: VERSION,
    uptime: process.uptime(),
    // Only include detailed info for admin
    ...(isAdmin ? {
      paths: getPaths(),
      sessions: getSessions(),
    } : {}),
  };
}

Environment

• OpenClaw version: latest main branch
• Required scope: operator.read (default for all authenticated users)