OpenClaw Under Fire: Prompt Injection and Data Leakage Risks
CNCERT warns that OpenClaw’s weak default security and privileged execution could enable prompt-injection attacks, including indirect prompt injection via web content and link previews that leak sensitive data; other risks include misinterpretation causing data loss, uploading malicious skills to repositories like ClawHub, and exploiting known vulnerabilities. China is restricting OpenClaw in state entities, while attackers distribute malware via GitHub rep o s posing as OpenClaw installers. Mitigations include hardening networks, isolating the service, avoiding plaintext credentials, downloading skills only from trusted sources, disabling automatic updates, and keeping the agent up to date.