OpenClaw Fuels $1M Install Services Boom

🐯Read original on 虎嗅

💡Viral open-source AI agent sparks pro installs but exposes $750/mo idle costs & hacks

⚡ 30-Second TL;DR

What Changed

OpenClaw enables natural language task execution on local devices with 240k GitHub stars

Why It Matters

Drives new business for installers but highlights barriers for mainstream adoption; security issues could slow growth. Ecosystem tools and optimizations emerging to cut costs.

What To Do Next

Deploy OpenClaw via Tencent Cloud one-click and test task routing to cheap models.

Who should care: Developers & AI Engineers

🧠 Deep Insight

Web-grounded analysis with 7 cited sources.

🔑 Enhanced Key Takeaways

  • OpenClaw originated as 'Clawdbot' and was renamed to 'Moltbot', then 'OpenClaw', due to Anthropic trademark pressure[1].
  • Founder Steinberger joined OpenAI, with Sam Altman praising him as a genius and indicating the technology will integrate into OpenAI products; the project is now governed by a foundation[1][3].
  • CVE-2026-25593 enables remote code execution via an unsafe cliPath in the WebSocket API. It affects versions before 2026.1.20 and was fixed with input sanitization[5].
  • Release v2026.2.23 introduced security hardening such as optional HSTS headers and added new providers (Kilo Gateway, Moonshot/Kimi with web_search), alongside reports of 340+ malicious ClawHub skills[2][3][4].

🛠️ Technical Deep Dive

  • A single Gateway process integrates all messaging channels (e.g., WhatsApp, Slack), persistent Markdown-based memory, and a proactive Heartbeat system for task initiation[1].
  • Skills are Markdown files published on ClawHub that extend capabilities to real-time automation and application connectivity (IDE, home servers), but they are vulnerable to malicious injections such as CVE-2026-25253 in the AI gateway[4].
  • CVE-2026-25593 root cause: unsanitized cliPath in config.apply WebSocket endpoint allows command injection during discovery; fixed in v2026.1.20 with validation[5].
  • v2026.2.23 changes: HSTS headers, Claude Opus 4.6 routing, Vercel AI Gateway support, session maintenance, reasoning-leakage fixes[2].
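
The class of fix described for CVE-2026-25593 (validating a client-supplied cliPath before it reaches process execution) can be sketched as follows. This is an added example, not OpenClaw's code: the frame shape, the allow-listed directories and binary names, and the `--version` probe argument are all assumptions.

```javascript
// Added example: hypothetical frame shape and allow-lists, not OpenClaw's own code.
const ALLOWED_DIRS = ["/usr/local/bin", "/opt/agent/bin"];   // assumed install dirs
const ALLOWED_NAMES = new Set(["agent-cli", "helper-cli"]);  // assumed binary names

// Returns { ok, reason } for a client-supplied CLI path.
function validateCliPath(value) {
  if (typeof value !== "string" || value.length === 0 || value.length > 255) {
    return { ok: false, reason: "not a non-empty string of sane length" };
  }
  // Strict character allow-list: rejects spaces, quotes, shell metacharacters, newlines, NUL.
  if (!/^[A-Za-z0-9_.\/-]+$/.test(value)) {
    return { ok: false, reason: "disallowed character" };
  }
  if (!value.startsWith("/")) return { ok: false, reason: "not absolute" };
  const parts = value.split("/").slice(1);
  // Empty, "." and ".." segments would let the path escape the allow-listed directory.
  if (parts.some((p) => p === "" || p === "." || p === "..")) {
    return { ok: false, reason: "non-canonical path segment" };
  }
  const name = parts[parts.length - 1];
  const dir = "/" + parts.slice(0, -1).join("/");
  if (!ALLOWED_DIRS.includes(dir)) return { ok: false, reason: "directory not allow-listed" };
  if (!ALLOWED_NAMES.has(name)) return { ok: false, reason: "binary not allow-listed" };
  return { ok: true, reason: "ok" };
}

// Handles one raw WebSocket frame; returns an argv array for a shell-less spawn, or an error.
function handleConfigApply(rawFrame) {
  let msg;
  try { msg = JSON.parse(rawFrame); } catch { return { ok: false, reason: "invalid JSON" }; }
  if (!msg || msg.method !== "config.apply" || typeof msg.params !== "object" || msg.params === null) {
    return { ok: false, reason: "unexpected message" };
  }
  const check = validateCliPath(msg.params.cliPath);
  if (!check.ok) return { ok: false, reason: "cliPath rejected: " + check.reason };
  // argv form: hand to child_process.execFile(argv[0], argv.slice(1)), never to a shell string.
  return { ok: true, argv: [msg.params.cliPath, "--version"] };
}

// Constructed sample frames: one valid, three that must be rejected.
const SAMPLES = [
  '{"method":"config.apply","params":{"cliPath":"/usr/local/bin/agent-cli"}}',
  '{"method":"config.apply","params":{"cliPath":"/usr/local/bin/agent-cli; echo injected"}}',
  '{"method":"config.apply","params":{"cliPath":"/usr/local/bin/../../tmp/agent-cli"}}',
  '{"method":"config.apply","params":{"cliPath":"/tmp/agent-cli"}}',
];
for (const s of SAMPLES) console.log(JSON.stringify(handleConfigApply(s)));
```

String checks like these do not resolve symlinks; a deployment would also compare the resolved real path against the allow-list before executing.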

🔮 Future Implications

AI analysis grounded in cited sources

  • OpenClaw foundation governance will enable enterprise-grade security by Q2 2026. Following the security crisis and the founder's departure, the new structure supports community-driven hardening, as seen in the v2026.2.23 updates[1][2].
  • OpenAI product integration will boost OpenClaw adoption to over 500k stars by mid-2026. Sam Altman's endorsement and the founder's hire signal core tech adoption, building on 234k stars and 2M weekly visitors[1][3].

Timeline

  • 2025-12: Launched as Clawdbot personal project
  • 2026-01: Renamed to Moltbot then OpenClaw after Anthropic trademark; crossed 180k GitHub stars
  • 2026-02-06: CVE-2026-25593 published for RCE vulnerability; fixed in v2026.1.20
  • 2026-02-23: v2026.2.23 released with security hardening and new AI providers
  • 2026-02: Founder Steinberger joins OpenAI; project shifts to foundation governance
  • 2026-02-27: Reached 234k GitHub stars with 10,700+ skills