%20--%3e%3cdefs%3e%3cstyle%3e%20.st0%20{%20fill:%20%23061b40;%20}%20.st1%20{%20fill:%20%23306af1;%20}%20.st2%20{%20fill:%20%235ce5cf;%20}%20%3c/style%3e%3c/defs%3e%3cg%3e%3cpath%20class='st0'%20d='M55,10.5h9v3h-9v9h12V7.5h-12v3ZM64,19.5h-6v-3h6v3Z'/%3e%3cpolygon%20class='st0'%20points='69%2016.5%2078%2016.5%2078%2019.5%2069%2019.5%2069%2022.5%2081%2022.5%2081%2013.5%2072%2013.5%2072%2010.5%2081%2010.5%2081%207.5%2069%207.5%2069%2016.5'/%3e%3cpolygon%20class='st0'%20points='95%2010.5%2095%207.5%2083%207.5%2083%2022.5%2095%2022.5%2095%2019.5%2086%2019.5%2086%2016.5%2095%2016.5%2095%2013.5%2086%2013.5%2086%2010.5%2095%2010.5'/%3e%3cpath%20class='st0'%20d='M40,1.5v21h11.6l1.4-1.4v-7.6h0c0,0-1.4-1.5-1.4-1.5l1.4-1.4V2.9l-1.4-1.4h-11.6ZM50,19.5h-7v-6h7v6ZM50,10.5h-7v-6h7v6Z'/%3e%3c/g%3e%3cpath%20class='st1'%20d='M23.1,24L14.7,4.8l-4.9,11.2h3.8l-1.8,4H3.3L12.1,0H2C.9,0,0,.9,0,2v20c0,1.1.9,2,2,2h21.1Z'/%3e%3cpath%20class='st2'%20d='M34,0h-16.8l10.6,24h6.2c1.1,0,2-.9,2-2V2C36,.9,35.1,0,34,0ZM32.5,20h-4V4h4v16Z'/%3e%3c/svg%3e)
The AI project OpenClaw (formerly known as ClawdBot, Moltbot), aimed at simplifying users' lives, has recently been caught in a persistent "whack-a-mole" security dilemma. According to The Register, multiple projects within this ecosystem have been facing serious challenges, including the takeover of robot control and remote code execution (RCE) vulnerabilities.
Recently, Mav Levin, founder of the security research firm DepthFirst, disclosed a highly dangerous "one-click RCE" vulnerability chain. Attackers can exploit an unverified WebSocket source flaw on the OpenClaw server, trick victims into visiting malicious web pages, and complete the attack in milliseconds. This vulnerability allows attackers to bypass sandboxes and user confirmation prompts, directly executing arbitrary code on victims' systems. Although the OpenClaw team has quickly fixed this vulnerability, the overall security of the ecosystem remains questionable.
Just when one problem seemed to be resolved, another emerged. The AI agent social network Moltbook, closely related to OpenClaw, was also exposed to severe database exposure issues. Security researcher Jamieson O’Reilly found that due to misconfiguration, the platform's database was completely publicly accessible, leading to the leakage of a large number of confidential API keys.
This means attackers can impersonate any AI agent registered on the platform (such as the personal AI agent of AI expert Andrej Karpathy) to post false information, scams, or radical content. Although Moltbook is not an official project of OpenClaw, many OpenClaw users have connected agents with the ability to read SMS and manage inboxes to this platform, making the potential security risks evident.
Key points:
🚨 High-risk vulnerabilities frequently occur: OpenClaw just fixed a remote code execution (RCE) vulnerability that could be triggered by clicking a link. This vulnerability exploited a WebSocket verification flaw.
🔑 Massive keys exposed: The AI social platform Moltbook's database was accessed publicly due to misconfiguration, putting API keys of AI agents, including those of well-known experts, at risk of exposure.
⚠️ Security awareness warning: Researchers pointed out that due to the pursuit of rapid iteration, such projects often neglect basic security audits during development, posing significant risks to user data security.