How an allowed curl request became a full reverse shell in an exposed Openclaw instance. A single HTTP request with curl , pointed at a small HTTP server under my control and a text file containing shell commands , was enough to pivot an exposed OpenFang agent from “safe” behavior to a reverse shell on the host . This article focuses on that chain: how a seemingly harmless fetch slipped through the defenses, how the retrieved text was interpreted as commands, and what this says about agent security in real environments . This is a lab simulation based on a real class of vulnerabilities . The target, infrastructure details, and payloads were simulated to avoid harming real systems, but the risk pattern is real . TL;DR of the Exploit Path In the lab, I: Found an exposed OpenFang instance simulating a realistic, Internet-facing agent. Observed that it blocked obviously malicious commands and suspicious chains. Noticed that curl was allowed as a normal utility.…