OpenClaw hit by critical admin exploit
OpenClaw versions before 2026.3.28 are vulnerable to CVE-2026-33579, a critical flaw allowing unauthorized users to gain administrative control by self-approving pairing requests. Users should upgrade to version 2026.3.28 immediately and audit logs for suspicious activity.
The OpenClaw exploit is a textbook example of "trust but don't verify" in autonomous agent security, highlighting the risks of granting deep system permissions to experimental frameworks. The /pair approve flaw is devastating because it bypasses the entire security model, turning a local assistant into a potential remote access trojan. This incident underscores the danger of rapid viral growth in open-source projects before basic security primitives are hardened, especially as autonomous agents gain shell and browser control.
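The following is an added illustration of the flaw class described above, not OpenClaw's own code: a hypothetical pairing broker whose unchecked approve path lets a freshly connected client grant itself admin, beside a hardened approve path that requires an already-approved admin who is not the requester, plus an audit helper that flags any recorded self-approval (the class, method names and record format are assumptions for this example).

```python
from dataclasses import dataclass, field


@dataclass
class PairRequest:
    request_id: str
    requester: str


@dataclass
class PairingBroker:
    """Hypothetical pairing broker (example only, not OpenClaw code).
    admins: identities already holding administrative control.
    pending: open pairing requests keyed by request id.
    audit: append-only record (event, request_id, requester, approver, outcome)."""
    admins: set = field(default_factory=set)
    pending: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)
    counter: int = 0

    def request_pair(self, client_id: str) -> str:
        self.counter += 1
        request_id = f"req-{self.counter}"
        self.pending[request_id] = PairRequest(request_id, client_id)
        return request_id

    def approve_unchecked(self, request_id: str, approver: str) -> str:
        # Weak pattern: whoever can reach the approve command wins, so an
        # unapproved client can approve its own request and become admin.
        req = self.pending.pop(request_id)
        self.admins.add(req.requester)
        return self._record(req, approver, "approved")

    def approve(self, request_id: str, approver: str) -> str:
        # Hardened pattern: approver must already be an admin and may not
        # approve their own request; every attempt is recorded for audit.
        req = self.pending.get(request_id)
        if req is None:
            return self._record(PairRequest(request_id, "?"), approver, "denied: unknown request")
        if approver not in self.admins:
            return self._record(req, approver, "denied: approver is not an approved admin")
        if approver == req.requester:
            return self._record(req, approver, "denied: self-approval is not allowed")
        del self.pending[request_id]
        self.admins.add(req.requester)
        return self._record(req, approver, "approved")

    def _record(self, req: PairRequest, approver: str, outcome: str) -> str:
        self.audit.append(("approve", req.request_id, req.requester, approver, outcome))
        return outcome

    def suspicious_approvals(self) -> list:
        # Audit review: successful approvals where requester and approver coincide.
        return [e for e in self.audit if e[4] == "approved" and e[2] == e[3]]
```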
Discovered: 2026-04-03
Published: 2026-04-03
Author: kykeonaut