What is the OpenClaw security crisis about?

Within two weeks of going viral, OpenClaw was associated with growing security incidents including traditional vulnerabilities, exposed management interfaces, and distribution of malicious skills.

How many OpenClaw instances are exposed on the internet?

Over 40,000 OpenClaw instances were found exposed with critical CVE-2026-25253 (CVSS 8.8), and the number has grown to 135,000+ as of April 2026.

What makes OpenClaw fundamentally insecure?

OpenClaw's security model is operator-trust-based — the agent has broad access to tools and services with no process-level isolation between the AI and your credentials.

What is the ClawJacked vulnerability in OpenClaw?

CVE-2026-25253 allows a one-click RCE through a malicious link. The Control UI trusts gatewayUrl from the query string without validation, sending tokens to attacker-controlled servers.

What percentage of ClawHub add-ons are malicious?

Security audits flagged 12-20% of ClawHub add-ons as malicious, representing a significant supply chain risk for OpenClaw users.

← Back to dashboard

clawsmith.com/signal/openclaw-security-nightmare-dressed-daydream

⚠ IssueWide OpenLive

OpenClaw Is a Security Nightmare Dressed Up as a Daydream — 397 Points on HN

Reco.ai published a detailed security analysis of OpenClaw describing it as a 'security crisis unfolding right now.' Within two weeks of going viral, OpenClaw was associated with growing security incidents including exposed management interfaces and malicious skill distribution. HN discussion drew 397 points and 297 comments.

Product Idea from this Signal

A security service that auto-patches OpenClaw CVEs within hours of disclosure before attackers exploit them

460.5k ▲

OpenClaw shipped 9 CVEs in 4 days (March 2026) including a CVSS 9.9 privilege escalation affecting 135K+ exposed instances. Most operators have no way to know which CVEs affect their version, no automated patching, and no coordination between the flood of advisories (156+ total) and their actual attack surface. This tool continuously monitors CVE feeds, maps each advisory to your installed version and enabled features, and applies safe mitigations automatically while queuing risky patches for human approval.

SECURITYCLIDEVTOOLOPEN-SOURCESYSADMIN

CompetitiveView Opportunity →