Cherry-pick: Security hardening (2/2) (7 commits) #1868
Description
Cherry-pick from upstream — Security hardening (batch 2/2)
Source: openclaw/openclaw main branch
Scan session: 2026-03-24 (rescan after cursor reset)
Commits: 7 (7 clean, 0 partial)
Commits
| # | Hash | Subject | Author | Files | Tier |
|---|---|---|---|---|---|
| 1 | c1733d700d |
test: merge audit sandbox docker danger cases | Peter Steinberger | 1 | PICK |
| 2 | c42cb1ca66 |
refactor: audit synology dangerous name matching | Peter Steinberger | 2 | PICK |
| 3 | d2a36d0a98 |
refactor: share small test harness helpers | Peter Steinberger | 3 | PICK |
| 4 | d9fb1e0e45 |
test: dedupe acp startup test harness | Peter Steinberger | 1 | PICK |
| 5 | e4c61723cd |
ACP: fail closed on conflicting tool identity hints (openclaw#46817) | Vincent Koc | 3 | PICK |
| 6 | ef53926542 |
test: merge audit install metadata cases | Peter Steinberger | 1 | PICK |
| 7 | fb4b6eef03 |
test: merge audit code safety failure cases | Peter Steinberger | 1 | PICK |
Execution
Pick up with: /pick-from-openclaw execute issue #N
Recommended strategy: staging branch