The New Stack - OpenClaw GitHub Stars and Security
Basic Information
- Company/Brand: The New Stack
- Country/Region: USA
- Official Website: https://thenewstack.io/
- Type: Developer and Operations Technology Media
- Founded: The New Stack was founded in 2014; OpenClaw coverage was published in 2026
Product Description
The New Stack published two significant technical analysis articles on OpenClaw. The first, "OpenClaw rocks to GitHub's most-starred status, but is it safe?" delves into the serious security issues OpenClaw faces while achieving a record number of GitHub stars. The second, "OpenClaw's biggest security flaw is why Jentic Mini exists," explores how OpenClaw's security flaws have spurred the creation of a new product, Jentic Mini, which aims to address OpenClaw's security chaos.
Core Features/Highlights
- Star Record Analysis: Detailed documentation of OpenClaw surpassing 250,000 GitHub stars in approximately 60 days
- Security Audit Data: Reports on critical security findings:
  - Three high-severity security advisories released simultaneously
  - CVE-2026-25253 vulnerability (CVSS score 8.8) enabling one-click remote code execution
  - Censys report of 21,639 exposed instances, a 21-fold increase within a week
  - Over 135,000 unprotected OpenClaw instances freely accessible on the internet
- Malicious Skill Statistics: Bitdefender discovered 824+ malicious skills on ClawHub (20% of the registry), primarily installing AMOS information stealers
- Supply Chain Attack: The ClawHavoc supply chain attack, in which 341 malicious skills were identified distributing Atomic macOS Stealer (AMOS) malware
- Solution Discussion: Jentic Mini as an alternative that addresses OpenClaw's security flaws
Business Model
- The New Stack is a developer technology content platform
- Revenue generated through sponsored content, advertisements, and events
- Free reading model
- Focus on cloud-native, DevOps, and open-source technologies
Target Audience
- Backend and full-stack developers
- DevOps and SRE engineers
- Cloud architects
- Security engineers
- Technical team leaders
Competitive Advantages
- Data-Driven: Cites specific data from professional security firms like Censys and Bitdefender
- Technical Depth: Targets a developer audience with technical details such as CVE numbers and CVSS scores
- Ecosystem Analysis: Not only reports issues but also analyzes the new products that emerge, such as Jentic Mini
- Authoritative Source: The New Stack holds high technical credibility within the developer community
Market Performance
- The report has been widely cited by security blogs and technical media
- Detailed analysis of CVE-2026-25253 has become the standard reference for OpenClaw security discussions
- Data on the 21-fold increase in exposed instances has been widely disseminated
- Spurred community discussions on ClawHub skill review mechanisms
Relationship with OpenClaw Ecosystem
The New Stack's reports reveal the most severe security crisis in the OpenClaw ecosystem. Key data includes: 20% of skills on ClawHub found to be malicious (824+), over 135,000 unprotected instances exposed on the public internet, and supply chain attacks (ClawHavoc) distributing AMOS stealers through seemingly legitimate skills. These reports directly prompted the OpenClaw community to strengthen security measures and spurred alternatives like Jentic Mini. For the OpenClaw ecosystem, The New Stack's coverage represents a critical "trust crisis moment," forcing the project team and community to reassess security priorities.