OpenClaw Exposes User Data And Credentials

OpenClaw, an open-source autonomous AI agent released in November 2025, is rapidly adopted but has triggered multiple security incidents, including a late-February mass-email deletion and exposed admin interfaces. Researchers and penetration testers have documented credential leakage, supply-chain compromises (a Jan. 28 Cline exploit), and massive agent deployments like Moltbook’s 1.5 million agents, while AWS links AI-assisted workflows to 600+ FortiGate compromises.
Key Points
- 1OpenClaw: local autonomous agent released November 2025 with proactive access to files and services
- 2Warns exposing web admin interfaces leaks API keys, tokens, conversation history enabling impersonation
- 3Recommend isolating agents, vetting skills, and securing workflows to prevent prompt-injection and supply-chain attacks
Scoring Rationale
High operational and industry-wide relevance with actionable mitigation steps, but mainly reports recent incidents without novel technique.
Sources
Public references used for this report.
Practice interview problems based on real data
1,625 SQL & Python problems across 15 industry datasets — the exact type of data you work with.
Try 250 free problems
