OpenClaw Agent Exposes Systemwide ClawJacked Vulnerability

On March 2, 2026, Oasis Security researchers disclosed a new vulnerability in the OpenClaw autonomous AI agent, dubbed "ClawJacked", that lets malicious websites silently take full control of a developer's local system and exfiltrate data. The flaw affects local web integrations of OpenClaw and underscores the urgent need for sandboxing, patching, and stricter browser-agent isolation to protect developer environments.
Key Points
- Reveals that the OpenClaw agent has a 'ClawJacked' exploit allowing websites to hijack local agents
- Shows that malicious webpages can gain full system control and exfiltrate developer data silently
- Warns developers to restrict agent web integrations, sandbox agents, and patch OpenClaw promptly
Scoring Rationale
High practical security impact and credible researcher disclosure, limited by scope to OpenClaw and local-agent users.
