It's still bad, even if they fixed some low hanging fruits. Main issue: prompt injection when using the LLM "user" channel with untrusted content (even with countermeasures and frontier model) combined with insecure config / plugins / skills... I experimented with it: https://veganmosfet.github.io/2026/02/02/openclaw_mail_rce.h...