Security Alerts
Critical vulnerabilities and threats in the OpenClaw ecosystem
- Active Threats: 3
- Exposed Instances: 17,500+
- Malicious Skills: 341
- Compromised Installs: 9,000+
CVE-2026-25253: Unauthenticated API Access
Severity: Critical
OpenClaw instances expose sensitive API credentials through unprotected endpoints.
- Vulnerability: Unauthenticated access to /api/export-auth endpoint
- Impact: Full API key extraction, credential theft
- CVSS Score: 8.8 (Critical)
- Exposed Instances: 17,500+ on public internet
Mitigation
- Update to v2026.1.29 or later
- Enable authentication (password/token)
- Never expose Gateway to public internet
- Use Tailscale or SSH tunnels for remote access
ClawHavoc: Supply Chain Attack
Severity: High
Massive supply chain compromise of ClawHub marketplace with credential-stealing malware.
- Attack Vector: Malicious skills uploaded to ClawHub marketplace
- Malicious Skills: 341 skills compromised
- Compromised Installations: 9,000+
Mitigation
- Audit all installed skills manually
- Avoid community skills from untrusted sources
- Use sandboxed variants (NemoClaw, NanoClaw)
ClawJacked: WebSocket Hijacking
Severity: High
Remote code execution vulnerability allowing attackers to hijack OpenClaw instances.
- Attack Vector: Malicious websites with crafted WebSocket connections
- Impact: Remote code execution, full instance takeover
Mitigation
- Validate WebSocket origins strictly
- Implement CORS policies
- Keep OpenClaw updated to latest version
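Browsers do not enforce CORS on the WebSocket handshake, so the server has to inspect the `Origin` header itself before accepting an upgrade. The following is an added example of a strict allowlist check for Node's `upgrade` event; it is not OpenClaw code, and the allowlisted origins, the function names and the reject-when-missing policy are assumptions.

```javascript
// Added example, not OpenClaw code. Allowlist entries are constructed
// placeholders for the origins that serve your own UI.
const ALLOWED_ORIGINS = new Set(["http://localhost:3000", "http://127.0.0.1:3000"]);

// Return the Origin header only if it is an exact serialized origin
// (scheme://host[:port]); otherwise null.
function canonicalOrigin(header) {
  if (typeof header !== "string" || header === "null") return null;
  let url;
  try {
    url = new URL(header);
  } catch {
    return null; // malformed, e.g. "http://localhost:3000.evil.example"
  }
  // Anything that does not round-trip (path, userinfo, upper case,
  // trailing slash) is not what a browser sends, so reject it.
  return url.origin === header ? header : null;
}

// Decide whether a WebSocket upgrade may proceed. A missing Origin is
// rejected (assumed policy: only browser UIs on allowlisted origins connect).
function checkOrigin(headers, allowed = ALLOWED_ORIGINS) {
  const origin = canonicalOrigin(headers.origin);
  if (origin === null) return { allow: false, reason: "missing or malformed Origin" };
  if (!allowed.has(origin)) return { allow: false, reason: `origin not allowlisted: ${origin}` };
  return { allow: true, reason: "ok" };
}

// Handler shape for Node's http.Server "upgrade" event: refuse before any
// WebSocket library sees the connection. Returns true if the caller may continue.
function guardUpgrade(req, socket, allowed = ALLOWED_ORIGINS) {
  const verdict = checkOrigin(req.headers, allowed);
  if (!verdict.allow) {
    socket.write("HTTP/1.1 403 Forbidden\r\nConnection: close\r\n\r\n");
    socket.destroy();
  }
  return verdict.allow;
}
```

Exact-match comparison is the point: prefix, suffix or substring checks on the origin string accept look-alike hosts. Origin validation complements, and does not replace, the password or token authentication listed above.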
Exposed Instances Risk
Severity: Medium
Over 17,500 OpenClaw instances discovered exposed to the public internet without authentication.
- Total Exposed: 17,500+ instances
- Distribution: Clawdbot 68.9%, Moltbot 22.3%, OpenClaw 8.8%
Mitigation
- Run `openclaw doctor` to check exposure
- Bind Gateway to localhost only
- Use reverse proxies with authentication