Back to Openclaw

Contributing to the threat model

docs/security/CONTRIBUTING-THREAT-MODEL.md

2026.7.14.1 KB
Original Source

The threat model is a living document. Contributions are welcome from anyone; you do not need security or MITRE ATLAS background.

<Note> This is for adding to the threat model, not reporting live vulnerabilities. If you found an exploitable vulnerability, follow the responsible-disclosure instructions on the [Trust page](https://trust.openclaw.ai) instead. </Note>

Ways to contribute

Add a threat. Open an issue on openclaw/trust describing the attack scenario in your own words. Helpful but not required:

  • The attack scenario and how it could be exploited.
  • Which components are affected (CLI, gateway, channels, ClawHub, MCP servers, etc.).
  • Your estimate of severity (low / medium / high / critical).
  • Links to related research, CVEs, or real-world examples.

Maintainers assign the ATLAS mapping, threat ID, and risk level during review.

Suggest a mitigation. Open an issue or PR referencing the threat. Be specific and actionable: "per-sender rate limiting of 10 messages/minute at the gateway" is more useful than "implement rate limiting."

Propose an attack chain. Attack chains show how multiple threats combine into a realistic scenario. Describe the steps and how an attacker would chain them; a short narrative beats a formal template.

Fix or improve existing content. Typos, clarifications, outdated info, better examples: PRs welcome, no issue needed.

Framework reference

Threats are mapped to MITRE ATLAS (Adversarial Threat Landscape for AI Systems), a framework for AI/ML-specific threats like prompt injection, tool misuse, and agent exploitation. You do not need to know ATLAS to contribute; maintainers map submissions during review.

Threat IDs. Each threat gets an ID like T-EXEC-003, assigned by maintainers during review.

CodeCategory
RECONReconnaissance - information gathering
ACCESSInitial access - gaining entry
EXECExecution - running malicious actions
PERSISTPersistence - maintaining access
EVADEDefense evasion - avoiding detection
DISCDiscovery - learning about the environment
EXFILExfiltration - stealing data
IMPACTImpact - damage or disruption

Risk levels. If you are unsure about the level, just describe the impact; maintainers assess it.

LevelMeaning
CriticalFull system compromise, or high likelihood + critical impact
HighSignificant damage likely, or medium likelihood + critical impact
MediumModerate risk, or low likelihood + high impact
LowUnlikely and limited impact

Review process

  1. Triage - new submissions are reviewed within 48 hours.
  2. Assessment - maintainers verify feasibility, assign ATLAS mapping and threat ID, validate risk level.
  3. Documentation - formatting and completeness pass.
  4. Merge - added to the threat model and visualization.

Resources

Contact

Recognition

Contributors to the threat model are recognized in the threat model acknowledgments, release notes, and the OpenClaw security hall of fame for significant contributions.