Yet another "OpenClaw is insecure" post! I found this simple but elegant way to get silent RCE via email, exploiting prompt injection (despite countermeasures, there is no silver bullet) and insecure plugin handling (not skills!). I try to explain how it works and some ideas about hardening. Note: prompt injection attacks are out-of-scope in the security policy. Happy to get feedback.