360 Intelligent Agent Unearths High-Risk Vulnerability in OpenClaw, Threatening 170,000 Global Instances
Author: Editor

The 360 Multi-Agent Collaborative Vulnerability Mining System, a proprietary system of the 360 Digital Security Group, recently identified a significant security flaw in the OpenClaw platform. The vulnerability is a local file disclosure issue, triggered by a MEDIA protocol prompt injection that circumvents tool permissions. It has been verified by the National Information Security Vulnerability Database and threatens over 170,000 publicly accessible OpenClaw instances in more than 50 countries and regions. The danger of this vulnerability lies in its ability to evade the platform's tool policy controls. As a result, attackers can exploit the flaw to steal sensitive server information with nothing more than basic group chat member permissions, which could pave the way for subsequent cyberattacks.