Vulnerability	Vulnerable Version
M Incorrect Authorization @openclaw/nostr is an OpenClaw Nostr channel plugin for NIP-04 encrypted DMs Affected versions of this package are vulnerable to Incorrect Authorization through the `operator.write` configuration. An attacker can modify and persist unauthorized profile configurations by sending crafted HTTP requests to affected endpoints without requiring administrative privileges. How to fix Incorrect Authorization? Upgrade `@openclaw/nostr` to version 2026.5.2 or higher.	<2026.5.2
M Information Exposure @openclaw/nostr is an OpenClaw Nostr channel plugin for NIP-04 encrypted DMs Affected versions of this package are vulnerable to Information Exposure in the `config.get` process. An attacker can obtain sensitive plaintext signing keys by accessing configuration views that expose the secret value. How to fix Information Exposure? Upgrade `@openclaw/nostr` to version 2026.5.2 or higher.	<2026.5.2

Incorrect Authorization

@openclaw/nostr is an OpenClaw Nostr channel plugin for NIP-04 encrypted DMs

Affected versions of this package are vulnerable to Incorrect Authorization through the operator.write configuration. An attacker can modify and persist unauthorized profile configurations by sending crafted HTTP requests to affected endpoints without requiring administrative privileges.

How to fix Incorrect Authorization?

Upgrade @openclaw/nostr to version 2026.5.2 or higher.

<2026.5.2

Information Exposure

@openclaw/nostr is an OpenClaw Nostr channel plugin for NIP-04 encrypted DMs

Affected versions of this package are vulnerable to Information Exposure in the config.get process. An attacker can obtain sensitive plaintext signing keys by accessing configuration views that expose the secret value.

How to fix Information Exposure?

Upgrade @openclaw/nostr to version 2026.5.2 or higher.

<2026.5.2

Go back to all versions of this package