🐯Stalecollected in 28m

OpenClaw Users Report Data Loss Fears

OpenClaw Users Report Data Loss Fears
PostLinkedIn
🐯Read original on 虎嗅

💡Real OpenClaw pitfalls: data wipes, privacy breaches – security must-read

⚡ 30-Second TL;DR

What Changed

Users spent thousands on tokens; auto-executes without confirmation, e.g., video compression installs software unasked.

Why It Matters

Highlights agent autonomy risks, prompting safer designs; slows OpenClaw adoption amid hype to caution.

What To Do Next

Install OpenClaw in a VM sandbox and audit skills from official repos before running.

Who should care:Developers & AI Engineers

🧠 Deep Insight

Web-grounded analysis with 7 cited sources.

🔑 Enhanced Key Takeaways

  • OpenClaw experienced explosive growth, gaining 25,000 GitHub stars in one day during late January 2026 and reaching 201,000 stars total, marking it as one of the fastest-growing open-source projects in GitHub history.[1][2][6]
  • Security researchers identified over 135,000 publicly exposed OpenClaw instances across 82 countries, with more than 50,000 exploitable via RCE and over 30,000 lacking authentication, scanned by firms like Censys, Bitsight, and SecurityScorecard.[1][2][5][6]
  • The ClawHavoc supply-chain campaign initially placed 341 malicious skills (12% of ClawHub registry), later expanding to over 800 (~20%), many delivering Atomic macOS Stealer (AMOS) while disguised as utilities like crypto tools.[1][5]
  • OpenClaw stores API keys, OAuth tokens, Slack credentials, and chat histories in plaintext files like ~/.openclaw/, targeted by infostealers such as AMOS, RedLine, Lumma, and Vidar, with enterprise Shadow AI deployments confirmed via Bitdefender telemetry.[1][3]

🛠️ Technical Deep Dive

  • CVE-2026-25253 (CVSS 8.8) enables one-click RCE via malicious JavaScript on a webpage that lures the agent, leaking the gateway authentication token for full admin control; exploitable on localhost instances as browser initiates outbound connection; patched in v2026.1.29 (Jan 29, 2026) and related ClawJacked flaw in v2026.2.25 (Feb 26, 2026).[1][2][3]
  • Default configuration disables authentication, accepts unverified WebSocket connections without origin checks, and lacks rate limiting on login attempts, exposing new installs to immediate internet access.[2][3]
  • Proof-of-concept exploit available on GitHub (ethiack/moltbot-1click-rce) abuses unvalidated WebSocket parameter for session hijacking and arbitrary command execution.[5]
  • Exposed mDNS services in 15.31% of scanned instances (3,746 out of 24,478) reveal host information; ClawHub skills lack pre-installation vetting, enabling malware distribution.[1][5]

🔮 Future ImplicationsAI analysis grounded in cited sources

OpenClaw unpatched instances must be assumed compromised
CVE-2026-25253 and ongoing ClawHavoc malicious skills persist in exposing plaintext credentials and enabling RCE on misconfigured deployments.[1][3]
AI agent marketplaces will require mandatory vetting
ClawHub's 20% malicious skills rate demonstrates supply-chain poisoning risks outpacing community patching capabilities.[1][5]
Enterprise Shadow AI from tools like OpenClaw will trigger new detection mandates
Bitdefender telemetry confirms corporate endpoint deployments with elevated privileges, amplifying multi-vector threats.[1]

Timeline

2026-01
OpenClaw gains 25,000 GitHub stars in one day, surging to viral popularity as fastest-growing open-source project.[2][6]
2026-01-28
Initial CVE-2026-25253 RCE vulnerability reported, patched within 24 hours in v2026.1.29.[1][2]
2026-02
ClawHavoc campaign discovered with 341 malicious skills in ClawHub (12% of registry); scans later find 800+ (~20%).[1][5]
2026-02-25
Related ClawJacked RCE disclosure (CVE-2026-25253), patched in v2026.2.25 within 24 hours.[2]
2026-02
Researchers identify 135,000+ exposed instances, 50,000+ RCE-exploitable, across 82 countries.[2][5]
2026-03
Multiple security firms publish guidance; enterprise incidents and infostealer targeting confirmed.[1][3][6]
📰

Weekly AI Recap

Read this week's curated digest of top AI events →

👉Related Updates

AI-curated news aggregator. All content rights belong to original publishers.
Original source: 虎嗅