OpenClaw: Node camera URL payload host-binding bypass allowed gateway fetch pivots

GHSA-2858-xg23-26fp
What to do
  • Update openclaw to version 2026.3.2.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | openclaw | > 2026.2.13, <= 2026.3.1 | 2026.3.2 |
Original title
OpenClaw: Node camera URL payload host-binding bypass allowed gateway fetch pivots
Original description
### Summary
OpenClaw accepted `camera.snap` / `camera.clip` node payload `url` fields and downloaded them on the gateway/agent host without binding downloads to the resolved node host.

In OpenClaw's documented trust model, paired nodes are in the same operator trust boundary, so this is scoped as medium-severity hardening. A malicious or compromised paired node could still steer gateway-host fetches during camera URL retrieval.

### Affected Packages / Versions
- Package: `openclaw` (npm)
- Affected versions: `>= 2026.2.13 <= 2026.3.1`
- Latest vulnerable published version at time of update: `2026.3.1`
- Patched versions: `>= 2026.3.2` (released)

### Technical Details
Vulnerable flows accepted URL payloads and downloaded directly from the provided URL:
- `src/cli/nodes-camera.ts` (`writeUrlToFile`) fetched URL payloads without node-host binding.
- `src/cli/nodes-cli/register.camera.ts` passed `camera.snap` / `camera.clip` payload URLs into that downloader.
- `src/agents/tools/nodes-tool.ts` did the same for `camera_snap` / `camera_clip` tool actions.

### Impact
A malicious/compromised paired node could cause gateway-host URL fetches to off-node destinations reachable from the host network. This could be used for internal network probing/fetch pivots in deployments where paired nodes are not fully trusted.

### Remediation
The fix introduces fail-closed node-host binding and guarded fetch for camera URL payload downloads:
- Require resolved node host metadata for URL payload downloads.
- Enforce hostname match between payload URL and resolved node host.
- Use SSRF-guarded fetch with redirect host/protocol checks.
- Apply the same enforcement across CLI and agent tool camera paths.
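
The remediation steps above, sketched for Node.js as an added example (not code from OpenClaw or from the fix commit). The function names, the redirect limit and the sample hosts in the comments are assumptions.

```javascript
// Added illustration; all names are hypothetical, not OpenClaw's implementation.
const ALLOWED_PROTOCOLS = new Set(["http:", "https:"]);
const REDIRECT_STATUSES = new Set([301, 302, 303, 307, 308]);
const MAX_REDIRECTS = 3; // assumed limit

// Lowercase, drop IPv6 brackets and a trailing dot so hosts compare exactly.
function normalizeHost(host) {
  return String(host).trim().toLowerCase().replace(/^\[|\]$/g, "").replace(/\.$/, "");
}

// Returns { ok, reason }. Fails closed when resolved node host metadata is missing.
function checkBoundUrl(rawUrl, resolvedNodeHost) {
  if (typeof resolvedNodeHost !== "string" || normalizeHost(resolvedNodeHost) === "") {
    return { ok: false, reason: "no-resolved-node-host" };
  }
  let url;
  try {
    url = new URL(rawUrl); // the parser decides the host, so userinfo tricks do not count
  } catch {
    return { ok: false, reason: "invalid-url" };
  }
  if (!ALLOWED_PROTOCOLS.has(url.protocol)) return { ok: false, reason: "protocol" };
  if (normalizeHost(url.hostname) !== normalizeHost(resolvedNodeHost)) {
    return { ok: false, reason: "host-mismatch" };
  }
  return { ok: true, reason: "bound" };
}

// Follows redirects by hand so every hop is re-checked against the node host.
// Example call (constructed values):
//   fetchBoundToNode("http://192.0.2.10:8080/snap.jpg", "192.0.2.10")
async function fetchBoundToNode(rawUrl, resolvedNodeHost, fetchImpl = fetch) {
  let current = rawUrl;
  for (let hop = 0; hop <= MAX_REDIRECTS; hop++) {
    const verdict = checkBoundUrl(current, resolvedNodeHost);
    if (!verdict.ok) throw new Error(`blocked (${verdict.reason}): ${current}`);
    const res = await fetchImpl(current, { redirect: "manual" });
    if (!REDIRECT_STATUSES.has(res.status)) return res;
    const location = res.headers.get("location");
    if (!location) throw new Error("redirect without Location header");
    current = new URL(location, current).toString(); // resolve relative redirects
  }
  throw new Error("too many redirects");
}
```

A hostname comparison alone does not pin the address the name resolves to at connect time; that part belongs to the SSRF-guarded fetch the advisory lists as a separate item.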

### Fix Commit(s)
- `3bf19d6f40a0aaa55818b96eede3d05130c02533`
CVSS 3.1 score (GHSA): 5.5
Vulnerability type
CWE-918 Server-Side Request Forgery (SSRF)
Published: 3 Mar 2026 · Updated: 7 Mar 2026 · First seen: 6 Mar 2026