Industry News | rce, websocket, agents, open source
OpenClaw Faces One-Click RCE And Data Exposure
Security researchers disclosed multiple vulnerabilities in the OpenClaw ecosystem on and around Jan. 31–Feb. 1, 2026, including a one-click remote code execution (RCE) exploit and an exposed Moltbook database. The RCE chain exploited an unvalidated WebSocket origin header to steal tokens and trigger commands; project maintainers and contributors confirmed patches and remediation. Practitioners are urged to apply fixes and rotate exposed keys immediately.
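The missing control named above, validating the `Origin` header on the WebSocket upgrade request, can be sketched as follows. This is an added example, not OpenClaw's code or its patch; the allow-list entries, the function names and the choice to reject requests that carry no `Origin` are assumptions made for illustration.

```javascript
// Added example: Origin allow-list check for a WebSocket upgrade request.
// ALLOWED_ORIGINS holds constructed sample values, not OpenClaw's real ones.
const ALLOWED_ORIGINS = new Set([
  "https://console.example.test",
  "http://127.0.0.1:3000",
]);

// Parse an Origin header value and return its canonical scheme://host[:port],
// or null if it is absent, opaque ("null") or not a bare http(s) origin.
function normalizeOrigin(value) {
  if (typeof value !== "string" || value === "" || value === "null") return null;
  let url;
  try {
    url = new URL(value);
  } catch {
    return null; // unparseable, e.g. two header values joined together
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") return null;
  // A real Origin carries no credentials, path, query or fragment.
  if (url.username || url.password) return null;
  if (url.pathname !== "/" || url.search || url.hash) return null;
  return url.origin; // lower-cased host, default port dropped
}

// Decide whether to accept the upgrade. `headers` uses lower-case keys,
// as Node's http module provides them.
function checkUpgrade(headers) {
  if (String(headers["upgrade"] || "").toLowerCase() !== "websocket") {
    return { allow: false, reason: "not-websocket" };
  }
  const origin = normalizeOrigin(headers["origin"]);
  if (origin === null) {
    // Assumed policy: this endpoint serves browser clients only.
    return { allow: false, reason: "missing-or-malformed-origin" };
  }
  // Exact match on the parsed origin: no prefix, suffix or substring tests,
  // so "console.example.test.attacker.example" cannot slip through.
  if (!ALLOWED_ORIGINS.has(origin)) {
    return { allow: false, reason: "origin-not-allowed" };
  }
  return { allow: true, reason: "ok" };
}
```

The check only stops cross-site pages in a browser from opening the socket; the connection still needs its own authentication, since non-browser clients can send any `Origin` they like.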


