Malicious "skills" and persnickety configuration are just a few issues that security researchers have found when installing the OpenClaw AI assistant.

DR (DZone Research) offers insights into software development trends, industry surveys, and technology adoption patterns, providing reports, whitepapers, and analyst insights to help businesses make informed decisions and stay competitive in the ever-evolving tech landscape. By exploring DR's curated content, developers can gain insights into emerging technologies, developer preferences, and industry best practices for building innovative and market-leading software solutions. Whether you're a startup founder, product manager, or tech executive, DR offers resources to guide your strategic planning and drive business success.

Dark Reading

OpenClaw, a viral open source agentic AI assistant, has significant security vulnerabilities that make safe deployment challenging. Security researchers have identified multiple issues including susceptibility to prompt injection attacks, malicious skills in its marketplace (15% containing malicious code), insecure default configurations, and the ability for the agent to modify its own settings without human confirmation. The system's "lethal trifecta" of processing untrusted content, accessing private data, and external communication capabilities creates serious risks. Even uninstalling OpenClaw can leave behind sensitive credentials and configuration files if not done carefully.

OpenClaw's Gregarious Insecurities Make Safe Usage Difficult