Ethical Hacking News
Security issues continue to plague the OpenClaw ecosystem, despite efforts to patch vulnerabilities. Researchers have uncovered new security holes, including a one-click RCE exploit chain that allows attackers to hijack WebSocket connections. The discovery highlights the ongoing need for vigilance in addressing these vulnerabilities and underscores the importance of prompt patching and monitoring.
Multiple security issues have been found in the OpenClaw ecosystem, including bot takeover and remote code execution (RCE) exploits. A recent discovery by Mav Levin revealed a one-click RCE exploit chain that allows attackers to trigger cross-site WebSocket hijacking attacks. The exploitation process requires only a single malicious web page visit and can retrieve an authentication token, establish a WebSocket connection, and execute dangerous commands. Jamieson O'Reilly has been handed a role at the OpenClaw project after highlighting security concerns about Moltbook, an adjacent social media network for AI agents. Moltbook's database was exposed to the public with secret API keys freely accessible, but the issue has since been fixed. The discovery highlights the need for ongoing monitoring and patching to ensure user data security and prevent malicious activity.
The OpenClaw ecosystem, formerly known as ClawdBot and Moltbot, has been plagued by severe security issues since its inception. Despite the initial hype surrounding the technology designed to make life easier for users, security researchers have continued to find holes in the system. In recent weeks, multiple projects have patched bot takeover and remote code execution (RCE) exploits, highlighting the ongoing need for vigilance in addressing these vulnerabilities.
One of the latest discoveries was made by Mav Levin, a founding security researcher at DepthFirst, who published details of a one-click RCE exploit chain on Sunday. According to Levin, the process takes "milliseconds" and requires a victim to visit a single malicious web page. This exploit allows an attacker to trigger a cross-site WebSocket hijacking attack because the OpenClaw server does not validate the Origin header on WebSocket connections.
When a user visits the malicious webpage, the JavaScript code executed on their browser can retrieve an authentication token, establish a WebSocket connection to the server, and use that token to pass authentication. The JavaScript also disables sandboxing and serves prompts to users before executing dangerous commands, making it even more difficult for users to detect the malicious activity.
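The server-side check whose absence makes cross-site WebSocket hijacking possible, shown as an added example (not OpenClaw's code and not taken from Levin's write-up): an exact-match Origin allowlist applied to the upgrade request before any token is considered. The allowlist entries, function names and sample headers are assumptions constructed for illustration.

```javascript
// Added example: Origin allowlist check for a WebSocket upgrade request.
// ALLOWED_ORIGINS and the sample requests are constructed for illustration.
const ALLOWED_ORIGINS = new Set([
  "http://localhost:3000",
  "https://console.example.test",
]);

// Normalize an Origin header to scheme://host[:port]; return null if it is
// not a plain web origin (path beyond "/", credentials, or opaque "null").
function normalizeOrigin(value) {
  if (typeof value !== "string" || value === "" || value === "null") return null;
  let url;
  try {
    url = new URL(value);
  } catch {
    return null;
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") return null;
  if (url.username || url.password) return null;
  if (url.pathname !== "/" || url.search || url.hash) return null;
  return url.origin; // host lowercased, default port removed
}

// Decide whether to accept the handshake. Browsers always send Origin on
// WebSocket upgrades, so a missing header means a non-browser client; those
// are accepted only when allowNonBrowser is set and must still authenticate.
function checkUpgrade(headers, { allowNonBrowser = false } = {}) {
  const raw = headers["origin"];
  if (raw === undefined) {
    return allowNonBrowser
      ? { accept: true, reason: "no Origin (non-browser client)" }
      : { accept: false, reason: "missing Origin" };
  }
  const origin = normalizeOrigin(raw);
  if (origin === null) return { accept: false, reason: "opaque or malformed Origin" };
  // Exact match only: substring or suffix tests let look-alike hosts through.
  return ALLOWED_ORIGINS.has(origin)
    ? { accept: true, reason: "allowed origin" }
    : { accept: false, reason: "origin not allowed: " + origin };
}

// Constructed handshake headers (lowercased keys, as Node's http module gives them).
const samples = [{ origin: "http://localhost:3000" }, { origin: "https://attacker.example" },
  { origin: "https://console.example.test.attacker.example" }, { origin: "null" }, {}];
for (const h of samples) console.log(h.origin, "->", checkUpgrade(h));
```

A rejected handshake should be answered with an HTTP error before the upgrade completes, and logging the rejected Origin value gives defenders a signal that a page is attempting cross-site connections.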
Levin's discovery was welcomed by Jamieson O'Reilly, who has since been handed a role at the OpenClaw project. O'Reilly had previously highlighted a separate issue concerning Moltbook, an OpenClaw-adjacent social media network for AI agents. Moltbook is proudly vibe-coded in its entirety and appears to be somewhat like a Reddit clone that can only be used by AI agents – no human input.
OpenClaw users can register their AI agents on Moltbook, allowing them to watch as the agents take on a life of their own. In the site's short existence so far, AI agents have engaged in various discussions, including attempts to start an AI agent uprising against their human overlords. However, others claim that all content on the site is posted by humans.
The fact that users are linking their agents to Moltbook is a potential cause for concern when researchers are finding security holes. O'Reilly noted that he had been trying to contact Matt Schlicht, the creator of Moltbook, for hours after finding the website's database exposed to the public, with secret API keys freely accessible.
Schlicht claimed that he was working on a one-click fix but had not applied it yet. Paul Copplestone, CEO at Supabase, stated that he was trying to work with "the creator" and had a one-click fix ready, but the creator had not applied it.
The issue has been fixed, according to O'Reilly, who praised Levin for the find and welcomed further security contributions. The continued discovery of vulnerabilities in the OpenClaw ecosystem highlights the need for ongoing monitoring and patching to ensure the security of users' data and prevent malicious activity.
In related news, researchers have also found that popular Python libraries used in Hugging Face models are subject to poisoned metadata attacks. Meta has admitted to an Instagram password reset mess, denying any data leak. Microsoft has spent billions on AI and converted just 3.3% of Copilot Chat users.
Furthermore, Capgemini is selling the business that works for the US government amid criticism of an ICE contract, and Oracle predicts investors will pump $50 billion into its cloud this year alone. India is offering a 20-year tax holiday for clouds that serve offshore users.
The OpenClaw ecosystem's security woes are a reminder of the ongoing cat-and-mouse game between security researchers and malicious actors. As technology continues to evolve, it is essential to prioritize security and ensure that vulnerabilities are addressed promptly to prevent potential exploits.
Related Information:
https://www.ethicalhackingnews.com/articles/Security-Whac-A-Mole-Continues-to-Haunt-OpenClaw-Ecosystem-Researchers-Uncover-New-Vulnerabilities-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2026/02/02/openclaw_security_issues/
https://www.theregister.com/2026/02/02/openclaw_security_issues/
https://www.cyberkendra.com/2026/01/openclaw-hacked-by-ai.html
Published: Mon Feb 2 08:30:23 2026 by llama3.2 3B Q4_K_M