Known Vulnerabilities & Security Advisories

This page tracks known OpenClaw security issues, CVEs, ClawHub marketplace incidents, and how the project addresses them. Use it to stay informed, check whether your deployment is affected, and apply mitigations. Security researchers from Cisco, CrowdStrike, and Snyk have highlighted risks around the gateway and the skills marketplace-staying updated is essential.

📖 Related: For hardening your installation, see Security Best Practices and the Security Checklist. For ClawHub-specific risks and auditing, see Skills Security.

1. Overview: What This Page Covers

OpenClaw is a self-hosted autonomous AI agent that can run shell commands, access files, and call external APIs. Known security issues fall into these categories:

Gateway and core: Exposed ports, authentication bypasses, and core software CVEs (when assigned).
ClawHub skills marketplace: Credential leaks in third-party skills, malware, and fake or malicious packages (e.g. fake crypto tools).
Credential and secret exposure: API keys or secrets logged, embedded in error messages, or sent to external endpoints.
Prompt injection and agent abuse: Crafted input that can trick the model into ignoring instructions or performing unintended actions.

Official security advisories and CVEs are published by the OpenClaw project (e.g. GitHub Security tab, release notes). This page summarizes the types of vulnerabilities that have been reported or studied and points you to mitigations and where to get the latest advisories.

2. ClawHub Marketplace: Credential Leaks and Malware

Third-party skills from ClawHub extend OpenClaw but can introduce supply-chain risks. Industry research and media have documented:

Credential leaks: Snyk reported that approximately 7.1% of analyzed ClawHub skills could leak credentials-for example, by logging secrets, embedding them in error messages, or sending them to external endpoints. This can lead to API key theft, data exfiltration, or abuse of your LLM and messaging accounts.
Malware and fake tools: Media coverage (e.g. The Register) and industry reports have documented malware and fake crypto tools in the marketplace. Such skills may promise “free crypto” or “guaranteed returns” and can steal credentials or run unwanted code.

Mitigations: Audit skills before and after installation; pin versions; run openclaw security audit when available; store secrets in environment variables or a secrets manager. See Skills Security for a full guide and Credential Management for secret handling.

3. CVE and Official Security Disclosures

When the OpenClaw project or upstream dependencies assign CVEs or publish security advisories, they are typically announced via:

GitHub: The official repository’s Security tab, Releases page, and issue tracker. Check github.com/openclaw/openclaw for security advisories and release notes.
Official documentation: Security-related docs and changelogs often mention fixes and known issues. See our Official Documentation links.
Community: Discord and other community channels may relay important security updates; treat official project channels as authoritative.

Keep your installation updated so you receive patches. Run openclaw update (or your deployment’s update process) regularly and review release notes for security fixes.

# Example: check status and update
openclaw status
openclaw update

4. How Vulnerabilities Are Addressed

The project and community respond to reported issues in several ways:

Core and gateway: Patches are released in new versions; release notes and GitHub Security advisories describe the fix and affected versions.
ClawHub skills: Malicious or vulnerable skills may be removed or flagged by marketplace maintainers. You should still audit skills yourself, pin versions, and run openclaw security audit.
Credential leaks: Best practice is to rotate any exposed API keys or secrets immediately, restrict which credentials skills can access, and use Credential Management and Network Isolation to limit blast radius.
Prompt injection: Mitigations include stronger models, input validation, and clear boundaries for untrusted content. See Prompt Injection Defense.

5. What to Do If You Are Affected

If you believe your OpenClaw instance is affected by a known vulnerability or a suspicious skill:

Update immediately: Run openclaw update (or your deployment’s update process) and apply any security patches.
Rotate credentials: Assume API keys and secrets that may have been exposed are compromised. Rotate them and update your config. See Credential Management.
Disable or remove suspicious skills: If a skill is implicated, disable it, remove it from your config, and run openclaw security audit if available.
Check logs and monitoring: Review audit logs and monitoring for unusual tool use, failed auth, or unexpected outbound connections.
Stay informed: Bookmark this page and official security advisories (GitHub, docs) for CVE and ClawHub incident updates.

6. Vulnerability Types at a Glance

Type	Risk	Where to Learn More
Exposed gateway	Unauthenticated access to your agent	Network Isolation, Best Practices
Credential leaks (skills/config)	API key theft, data exfiltration	Skills Security, Credential Management
Malicious or fake ClawHub skills	Malware, scam tools, credential theft	Skills Security, Best Practices
Prompt injection	Agent ignores instructions or performs unintended actions	Prompt Injection Defense
Core/gateway CVEs	Varies by CVE	GitHub Security advisories, release notes, Official Docs

7. Related Resources

🛡️ Security

📋 Operations

📚 & Community

8. Next Steps

After reviewing known vulnerabilities:

Apply Security Best Practices and use the Security Checklist.
Audit and secure ClawHub skills; run openclaw security audit regularly.
Enable monitoring and logging to detect anomalies and abuse.
Bookmark the official project’s Security advisories and release notes for the latest CVEs and patches.