Security Resources

CVE advisories, threat research, and hardening guides

21,639 Exposed OpenClaw Instances Found

Censys security scan identified 21,639 OpenClaw instances exposed to public internet without authentication. Over 30% running on Alibaba Cloud. Represents massive attack surface with private messages, API keys, and OAuth credentials accessible. 21x growth in under one week demonstrates rapid adoption and exposure.

#Internet Exposure #Censys #Authentication Bypass

Official Security Documentation

Comprehensive official security documentation covering OpenClaw's threat model, access control, authentication modes, sandboxing, DM pairing policies, tool permissions, and incident response. Details the security audit command, credential storage locations, and hardening best practices.

#Official #Documentation #Best Practices

What Security Teams Need to Know About OpenClaw

Enterprise security assessment with detection guidance. Covers visibility via Falcon platform, discovery of OpenClaw deployments, removal workflows, prompt injection threats, and runtime protection with Falcon AIDR. Demonstrates blocking prompt injection attacks and provides enterprise-scale detection/response capabilities.

#enterprise #Detection #EDR

OpenClaw Vulnerability Notification

Academic institution advisory warning students and staff about OpenClaw security risks. Covers CVE-2026-25253 RCE vulnerability, discovery timeline, impact assessment, and recommendations for academic environments. Emphasizes need for automatic downloads disabled and package review before application.

#Academic #Advisory #Institution

From SKILL.md to Shell Access in Three Lines

Demonstrates how 3 lines of markdown in SKILL.md can escalate to full shell access. Skills operate with same privileges as OpenClaw process, creating unbounded attack surface. Explains how AI agent Skills enter as supply chain threats with same risks as npm packages but amplified by unprecedented access to credentials, files, and external communications.

#Skills #Supply Chain #Privilege Escalation

OpenClaw Security 101: Vulnerabilities & Hardening

Comprehensive security guide covering CVE-2026-25253, Moltbook breach, complete incident timeline, threat landscape analysis, hardening steps for individuals/startups/enterprises, and detailed threat model. Maps all known vulnerabilities, attack surfaces, and provides defensive strategies across basic to advanced security postures.

#Guide #hardening #Comprehensive

341 OpenClaw Skills Distribute macOS Malware via ClickFix

Social engineering campaign using ClickFix technique embedded in malicious OpenClaw skills. Attackers trick users into running terminal commands disguised as setup prerequisites. 341 skills used this technique to distribute macOS malware including AMOS stealer, targeting crypto wallets and credentials.

#ClickFix #Social Engineering #macOS

ClawHavoc: 341 Malicious Skills Found

Major supply chain attack discovered by Koi Security: 341 malicious skills on ClawHub (12% of registry), with 335 from ClawHavoc campaign delivering Atomic macOS Stealer (AMOS). Professional documentation disguised as legit crypto, YouTube, and finance tools. Targets API keys, wallet private keys, SSH credentials, browser passwords, and ~/.clawdbot/.env. Single C2 IP: 91.92.242.30

#Supply Chain #Malware #AMOS

Why Moltbot May Signal the Next AI Security Crisis

Analysis extending lethal trifecta with fourth dimension: persistent memory. Enables stateful, delayed-execution attacks like logic bombs and time-shifted prompt injection. Memory files (SOUL.md, MEMORY.md) become attack vectors for persistent compromise across sessions. Maps to complete OWASP Top 10 for Agentic Applications.

#Persistent Memory #Logic Bombs #OWASP

OpenClaw Bug Enables One-Click RCE

News coverage of CVE-2026-25253 with technical details on exploitation. Describes one-click RCE attack chain, token exfiltration via malicious links, and complete gateway compromise. Emphasizes immediate update requirement for all users running vulnerable versions prior to 2026.1.29.

#News #CVE-2026-25253 #Media Coverage

CVE-2026-25253: One-Click RCE

Critical remote code execution vulnerability allowing token exfiltration and full gateway compromise. Control UI accepts gatewayUrl from query strings without validation, enabling cross-site WebSocket hijacking. Even localhost-only instances are vulnerable.

#cve #rce #WebSocket

Hundreds of Malicious Skills Found in ClawHub

Deep analysis of ClawHavoc campaign targeting macOS users. Examines attack methodology, social engineering techniques, malware delivery mechanisms, and impact on crypto/finance users. Discusses ecosystem-wide security implications and community response.

#Analysis #clawhavoc #macOS

Vulnerability Allows Hackers to Hijack OpenClaw AI Assistant

SecurityWeek coverage of RCE vulnerability with hijacking implications. Details how attackers can take complete control of OpenClaw AI assistant through token theft and WebSocket manipulation. Covers attack prerequisites, exploitation timeline, and immediate remediation steps.

#News #Hijacking #rce

OpenClaw Agents Targeted with 341 Malicious ClawHub Skills

Enterprise-focused coverage of ClawHub supply chain attack. Emphasizes need for security teams to audit all OpenClaw deployments, implement governance frameworks, and treat AI agents as privileged infrastructure. Covers organizational risk assessment and enterprise detection strategies.

#enterprise #Supply Chain #Governance

OpenClaw Security Guide

Third-party comprehensive security guide covering defense-in-depth approach, security models, configuration best practices, and operational security considerations. Provides practical implementation guidance for securing OpenClaw deployments across different threat scenarios.

#Guide #Defense-in-Depth #Best Practices

Osiris - Pre-Install Skill Security Scanner

Pre-installation security scanner for OpenClaw skills that catches malware automatically. Supports multiple AI platforms including Claude Code, Cursor, Windsurf, Codex, Aider, and Goose. Provides automated scanning before skill installation to prevent supply chain attacks.

#Tool #Scanner #Prevention

Sammā Suit - 8-Layer Security Plugin

Comprehensive 8-layer security plugin: NIRVANA (kill switch), DHARMA (permissions), SANGHA (skill allowlist), KARMA (budget ceiling), BODHI (resource limits), METTA (Ed25519 signing), SILA (audit log). Install as plugin without migration. Available on ClawHub for production hardening.

#Plugin #Multi-Layer Security #Audit

OpenClaw VirusTotal Integration

Official ClawHub integration with VirusTotal threat intelligence. Skills automatically scanned using Code Insight, with hashes analyzed and auto-approved/flagged/blocked. Daily rescans detect if clean skills turn malicious. Hundreds of risky skills caught through automated scanning pipeline.

#VirusTotal #Official #Scanning

x402guard Security Scanner

Pre-install security scanner for OpenClaw skills. Detects credential theft, prompt injection, and exfiltration patterns in skills before installation. Provides automated security analysis similar to npm audit for JavaScript packages.

#Scanner #Security Tool #Prevention

x402guard - Skill Security Scanner with Micropayments

Pre-install skill scanner detecting credential theft, prompt injection, and exfiltration patterns. Uses micropayments (0.01 USDC per scan on Base via x402). Provides npm audit-style layer for OpenClaw skills. Commercial scanning service with pay-per-scan model.

#Scanner #Micropayments #Web3

Bitdefender: 17% of OpenClaw Add-ons Malicious

Bitdefender security research warning that 17% of third-party OpenClaw add-ons are malicious, targeting crypto wallets and spreading macOS malware. Large-scale threat assessment showing significant compromise of community-developed extensions and plugins.

#Research #Statistics #Malware

VirusTotal ClawHub Security Scanning

The Hacker News coverage of OpenClaw implementing VirusTotal threat intelligence scanning for all ClawHub skills. Describes automated hash analysis via Code Insight, auto-approval/flagging/blocking workflow, and daily rescans to detect skills that become malicious after initial approval.

#News #VirusTotal #Scanning

ClawHub Malware Campaign - 341 Malicious Skills Discovered

Koi Security and SlowMist uncovered 341 malicious skills on ClawHub (12% of registry). Includes Atomic macOS Stealer, keyloggers, reverse shells disguised as crypto tools. 335 from single coordinated campaign. 7.1% of skills leak credentials.

ClawHub Supply Chain Poisoning Attack - 341 Malicious Skills Found

SlowMist security team discovered a large-scale supply chain poisoning attack on OpenClaw's ClawHub plugin marketplace. Weak moderation allowed 341 malicious skills (out of 2,857 scanned) to infiltrate the platform, spreading harmful code via obfuscated Base64 backdoors and two-stage payload delivery.

#supply-chain #Malware

VirusTotal Integration for ClawHub Skill Scanning

OpenClaw partnered with VirusTotal to scan all ClawHub skills after 341 malicious skills were discovered. Every skill now gets code analysis comparing claimed functionality vs actual behavior. Malicious skills blocked, suspicious ones flagged. Daily rescans implemented.

Clawdex - Pre-Installation Skill Security Scanner

Security tool by Koi Security that scans OpenClaw skills before installation. Built in response to ClawHub malware campaign. Helps verify skills are safe before adding to instance.

VirusTotal Integration for ClawHub Skills

OpenClaw now integrates VirusTotal to scan every ClawHub skill. All skills are hashed (SHA-256) and checked against VirusTotal database. Unknown bundles are uploaded for LLM-assisted Code Insight analysis that flags suspicious behaviors like outbound connections, filesystem access, and command execution. Daily rescans ensure ongoing protection against evolving threats.

OpenClaw Security Considerations

Educational article about OpenClaw security considerations and best practices

SecurityScorecard STRIKE Team OpenClaw Analysis

Professional security research and analysis of OpenClaw vulnerabilities and security considerations by SecurityScorecard STRIKE team

Matchlock - AI Agent Sandbox with MicroVMs

CLI tool for running AI agents in ephemeral microVMs with network allowlisting, secret injection via MITM proxy, and VM-level isolation. Boots in under a second, uses copy-on-write filesystems. Secrets never enter the VM. Works on Linux (KVM) and macOS (Apple Silicon).

#Security Tool #Tool #supply-chain

ClawSec Security Package

Complete security skill suite from Prompt Security. Features drift detection for SOUL.md/AGENTS.md, live security recommendations, automated audits, skill integrity verification, and CVE alerts. 401 likes on launch tweet. Announcement: https://x.com/ItakGol/status/2020871669628142038

#Security #Audit #Open Source

OpenClaw Security Analysis - 135k Exposed Instances

CRITICAL: Analysis showing 135k exposed OpenClaw instances, 63% vulnerable. Detailed CVE analysis and security recommendations.

Pincer-MCP - Stop AI Agents From Reading Their Own Credentials

Pincer-MCP is a security-hardened Model Context Protocol gateway that implements proxy token architecture to prevent AI agents from seeing real API keys. Agents receive ephemeral proxy tokens (pxr_xxx) while Pincer stores encrypted credentials in the OS keychain (macOS Keychain, Windows Credential Manager, GNOME Keyring) and performs just-in-time decryption during API calls, immediately scrubbing keys from memory afterward. Includes tamper-evident audit logging with SHA-256 chain hashing and fine-grained per-agent, per-tool authorization.

#mcp #credentials #keychain

Security Audit Toolkit

Comprehensive security scanner by Chinese developer. Pre-install gate, inventory audit, API key leak detection.

ClawSec Security Package

Comprehensive security tool: drift detection, security audits, skill integrity verification, CVE alerts. Open source, Product Hunt launch Feb 10, 2026.

ClawHavoc Security Analysis - Malware Campaign Warning

Critical security analysis of ClawHavoc malware campaign targeting ClawHub marketplace with Atomic Stealer (AMOS). Detailed analysis with screenshots provided as evidence. Essential community safety information about malicious packages distributed through compromised ClawHub entries.

#Malware #Security #ClawHub