
"OpenClaw, the AI-powered personal assistant users interact with via messaging apps and sometimes entrust with their credentials to various online services, has prompted a wave of malware and is delivering some shocking bills. Just last week, OpenClaw was known as Clawdbot, a name that its developers changed to Moltbot before settling on the new moniker. The project, based on the Pi coding agent, launched in November."
"It recently attracted the attention of developers with large social media followings like Simon Willison and Andrej Karpathy, leading to an explosion in popularity that quickly saw researchers and users find nasty flaws. In the past three days, the project has issued three high-impact security advisories: a one-click remote code execution vulnerability, and two command injection vulnerabilities. In addition, Koi Security identified 341 malicious skills (OpenClaw extensions) submitted to ClawHub, a repository for OpenClaw skills that's been around for about a month."
"Mauritius-based security outfit Cyberstorm.MU has also found flaws in OpenClaw skills. The group contributed to OpenClaw's code with a commit that will make TLS 1.3 the default cryptographic protocol for the gateway the project uses to communicate with external services. The list of open security-related issues may also elicit some concern, to say nothing of the exposed database for the related, vibe-coded Moltbook project, which is presented as a social media platform for AI agents."
OpenClaw is an AI-powered personal assistant that users interact with through messaging apps and sometimes entrust with their credentials to online services. The project launched in November and underwent multiple name changes, including Clawdbot and Moltbot. Rapid adoption attracted high-profile attention and led to the discovery of serious flaws, including a one-click remote code execution vulnerability and two command injection vulnerabilities. Security firms identified hundreds of malicious skills uploaded to ClawHub, and at least one skill exfiltrated cryptocurrency. Contributors have patched some issues and set TLS 1.3 as a gateway default, but exposed databases and unvalidated security scans continue to raise concern.
Read at Theregister