OpenClaw Security Crisis: 9+ CVEs in 60 Days
OpenClaw's explosive growth (335K+ stars) came with critical security failures. Here's what you need to know.
Critical Vulnerabilities Found
In its first 2 months, OpenClaw has accumulated **9+ CVEs** including:
- **Remote Code Execution (RCE)** — attackers could execute arbitrary code on hosts running OpenClaw agents
- **Prompt injection** — malicious inputs could override agent instructions and exfiltrate data
- **Privilege escalation** — skills could escape their declared permission scope
- **30,000+ exposed instances** found on the open internet with no authentication
Malicious Skill Registry
The ClawHub skill registry has been compromised:
- **20% of submitted skills contained malicious code** (data exfiltration, cryptomining, backdoors)
- Skills run with the same permissions as the OpenClaw agent — full filesystem and network access
- No code signing or verification system existed at launch
- A skill `openclaw-turbo-complete` was discovered exfiltrating source code and API keys to an external server
Enterprise Impact
- **Chinese government restricted OpenClaw** for government and critical infrastructure use
- **Meta banned OpenClaw on work devices** citing security concerns
- Enterprise adoption stalled until NemoClaw provides sandboxing
Mitigation Recommendations
1. **Never run OpenClaw on production systems** or machines with access to sensitive data
2. **Audit every skill** before installation — read the source code
3. **Run in Docker** with strict network and filesystem limits
4. **Rotate all API keys** if you installed any ClawHub skills
5. **Consider NemoClaw** for enterprise use — adds sandbox, PII stripping, and intent verification
6. **Monitor the CVE list** — new vulnerabilities are being discovered weekly
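Step 3 above, as an added example that is not part of the original page or the OpenClaw project: a POSIX shell wrapper that starts the agent container with a read-only root, dropped capabilities, no network by default and a single writable workspace, and refuses any command line that re-opens those limits. The image name, the mount paths and the uid 10001 are placeholders, not values from the page.

```shell
#!/bin/sh
# Added example, not OpenClaw project code: start the agent in Docker with the
# filesystem and network limits the recommendations above call for.
# IMAGE, CONFIG_DIR and WORKDIR are placeholders; replace them with your own.
IMAGE="${OPENCLAW_IMAGE:-openclaw-agent:placeholder}"
CONFIG_DIR="${OPENCLAW_CONFIG_DIR:-$PWD/openclaw-config}"   # mounted read-only
WORKDIR="${OPENCLAW_WORKDIR:-$PWD/workspace}"               # the only writable mount
# Default is no network at all (safe for auditing a skill offline). For real use,
# attach a dedicated user-defined network and restrict egress to the model API
# with host firewall rules; never reuse the default bridge or the host network.
NETWORK="${OPENCLAW_NETWORK:-none}"

# One hardening flag per line, so a wrapper or a test can inspect them before
# anything starts. Paths must not contain spaces (run_openclaw word-splits them).
openclaw_hardened_run_args() {
  printf '%s\n' \
    --read-only \
    --tmpfs /tmp:rw,noexec,nosuid,size=256m \
    --cap-drop ALL \
    --security-opt no-new-privileges \
    --pids-limit 256 \
    --memory 2g \
    --user 10001:10001 \
    --network "$NETWORK" \
    -v "$CONFIG_DIR:/config:ro" \
    -v "$WORKDIR:/workspace"
}

# Refuse to start if any argument re-opens what the flags above close: the host
# namespaces, extra capabilities, the Docker socket, or a bind mount of $HOME
# (where the API keys and source code a malicious skill would exfiltrate live).
reject_unsafe_flags() {
  joined=" $* "
  for bad in '--privileged' '--network host' '--network=host' '--pid host' \
             '--pid=host' '--cap-add' 'docker.sock' " $HOME:"; do
    case "$joined" in *"$bad"*)
      echo "refusing to run: '$bad' defeats the sandbox" >&2
      return 1 ;;
    esac
  done
  return 0
}

# Usage: run_openclaw [extra docker flags]; the extra flags are checked too.
run_openclaw() {
  set -- $(openclaw_hardened_run_args) "$@"
  reject_unsafe_flags "$@" || return 1
  docker run --rm -it "$@" "$IMAGE"
}
case "${1:-}" in --print-flags) openclaw_hardened_run_args ;; esac
```

Because the root filesystem is read-only and only `/workspace` is writable, a skill that tries to persist a backdoor or read files outside the mounted workspace fails at the kernel boundary rather than relying on the agent's own permission checks.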
Compared to Alternatives
| Risk | Claude Code | OpenClaw | NemoClaw |
|------|------------|----------|----------|
| Known CVEs | 0 | 9+ | 0 (wraps OpenClaw) |
| Malicious plugins | N/A (curated) | 20% of registry | Sandboxed |
| Exposed instances | N/A | 30,000+ | Enterprise-only |
| Enterprise banned | No | Yes (Meta, CN) | Designed for enterprise |
| Code signing | N/A | No | PII + intent verification |