Basic Information
| Item | Details |
|---|---|
| Product Name | OpenClaw Security Audit Report |
| Product Type | Security Audit and Vulnerability Analysis |
| Audit Sources | ClawSecure, Snyk, Kaspersky, Semgrep, SlowMist, etc. |
| Severity Level | 512 vulnerabilities found, 8 critical |
| Most Severe CVE | CVE-2026-25253 (CVSS 8.8) |
| Exposed Instances | 42,000+ global instances using weak default configurations |
Product Overview
The OpenClaw Security Audit Report aggregates the results of security audits conducted by various security agencies and researchers on OpenClaw. The audits revealed severe security vulnerabilities, including remote code execution, skill supply chain attacks, prompt injection, and more. These reports have driven the security hardening efforts for OpenClaw.
Major Vulnerability Discoveries
CVE-2026-25253 (Critical)
| Attribute | Details |
|---|---|
| Type | Remote Code Execution (RCE) |
| CVSS Score | 8.8 (High) |
| Affected Component | OpenClaw Gateway WebSocket Processor |
| Disclosure Date | February 14, 2026 |
| Fixed Version | OpenClaw 2026.2.23 |
| Impact Scope | 42,000+ exposed instances |
| Attack Method | One-click remote code execution |
ClawJacked Vulnerability
- Malicious websites can hijack local OpenClaw proxies via WebSocket
- Allows remote sites to gain control of AI agents
- Affects all instances that have not been updated
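The bullets above describe a page on another site opening a WebSocket to a locally running gateway. As an added example (not OpenClaw code, and not a description of the 2026.2.23 fix), this shows a server-side handshake check of the kind the "Restrict WebSocket access" hardening step calls for; the allowlisted origins, port, token and function names are assumptions.

```python
import hmac
from urllib.parse import urlsplit

# Assumed values for illustration only; not OpenClaw configuration.
ALLOWED_ORIGINS = {"http://127.0.0.1:8080", "http://localhost:8080"}
ALLOWED_HOSTS = {"127.0.0.1:8080", "localhost:8080"}

def normalize_origin(value):
    """Return 'scheme://host[:port]' in lowercase, or None if malformed."""
    try:
        parts = urlsplit(value)
        port = parts.port  # raises ValueError on junk like ':8080.attacker.example'
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    if parts.path or parts.query or parts.fragment or parts.username:
        return None
    return f"{parts.scheme}://{parts.hostname}" + (f":{port}" if port else "")

def check_handshake(headers, presented_token, expected_token):
    """Decide whether to accept a WebSocket upgrade; returns (ok, reason)."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    if h.get("upgrade", "").lower() != "websocket":
        return False, "not a websocket upgrade"
    # Host pinning: a DNS-rebinding page reaches the service under its own name.
    if h.get("host", "").lower() not in ALLOWED_HOSTS:
        return False, "unexpected host"
    # Browsers always send Origin on WebSocket handshakes; other clients may omit it.
    origin = h.get("origin")
    if origin is not None and normalize_origin(origin) not in ALLOWED_ORIGINS:
        return False, "origin not allowed"
    # Origin is only a browser-side signal; still require a per-client secret.
    if not hmac.compare_digest((presented_token or "").encode(), expected_token.encode()):
        return False, "bad or missing token"
    return True, "ok"

# Constructed sample handshakes (not captured traffic).
BASE = {"Host": "127.0.0.1:8080", "Upgrade": "websocket", "Connection": "Upgrade"}
SAMPLES = {
    "local_ui": ({**BASE, "Origin": "http://localhost:8080"}, "s3cret"),
    "cross_site": ({**BASE, "Origin": "https://attacker.example"}, "s3cret"),
    "lookalike": ({**BASE, "Origin": "http://localhost:8080.attacker.example"}, "s3cret"),
    "cli_no_token": (BASE, None),
}

if __name__ == "__main__":
    for name, (hdrs, tok) in SAMPLES.items():
        print(name, check_handshake(hdrs, tok, "s3cret"))
```

How the token reaches the server (header, subprotocol or first message) is left to the caller, since the browser WebSocket API cannot set arbitrary request headers.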
Audit Overview
| Metric | Data |
|---|---|
| Total Vulnerabilities Found | 512 |
| Critical Vulnerabilities | 8 |
| High-Risk Vulnerabilities | Multiple |
| Exposed Weak Default Instances | 42,000+ |
Skill Supply Chain Security
ClawHub Skill Audit
| Audit Agency | Findings |
|---|---|
| ClawSecure | 41.7% of widely used skills contain substantial vulnerabilities |
| Snyk (ToxicSkills) | 36% of all ClawHub skills contain detectable prompt injection |
ClawHavoc Operation
- Researcher Oren Yomtov audited 2,857 ClawHub skills
- Found 341 malicious entries
- 335 of these traced back to a single coordinated operation
- The operation was named "ClawHavoc"
Vulnerability Types
| Type | Description | Severity |
|---|---|---|
| Command Injection | Executing arbitrary commands via skills | Critical |
| Credential Exposure | API keys and credentials leaked | High |
| Prompt Injection | Manipulating agent behavior via prompts | High |
| Privilege Escalation | Gaining unauthorized privileges | High |
| Data Leakage | Sensitive data exposure | Medium to High |
Security Audit Tools
Built-in Security Audit
- Gateway authentication exposure
- Browser control exposure
- Elevated allowlists
- File system permissions
- Loose execution approvals
- Open channel tool exposure
Third-Party Security Tools
| Tool | Provider | Function |
|---|---|---|
| Security Practice Guide | SlowMist | Agent security hardening checklist |
| Security Engineer Cheat Sheet | Semgrep | Quick reference for security configurations |
| Security Audit Checklist | Blink | 10-step hardening guide |
Security Hardening Recommendations
10-Step Security Hardening Checklist (Blink)
- Update to the latest version
- Configure strong authentication
- Restrict WebSocket access
- Audit installed skills
- Limit file system permissions
- Configure network isolation
- Enable log auditing
- Regular security scans
- Monitor abnormal behavior
- Develop an incident response plan
Microsoft Security Recommendations
- Identity isolation
- Runtime risk control
- Principle of least privilege
- Containerized isolation deployment
Industry Reactions
Media Coverage
| Media | Title | Perspective |
|---|---|---|
| Kaspersky | "OpenClaw Found Insecure" | Security vendor warning |
| The Hacker News | "ClawJacked Vulnerability" | Technical analysis |
| SecurityWeek | "AI Agent Systems Need Better Governance" | Governance perspective |
| eSecurity Planet | "41% of Skills Contain Vulnerabilities" | Data reporting |
| Microsoft Security Blog | "Running OpenClaw Safely" | Best practices |