Some recent articles, worthy of your attention:
DIY AI bot farm OpenClaw is a security 'dumpster fire'
https://www.theregister.com/2026/02/03/openclaw_security_problems/
- "In the past three days, the project has issued three high-impact security advisories: a one-click remote code execution vulnerability, and two command injection vulnerabilities."
- "In addition, Koi Security identified 341 malicious skills (OpenClaw extensions) submitted to ClawHub, a repository for OpenClaw skills that's been around for about a month."
Clouds rush to deliver OpenClaw-as-a-service offerings
https://www.theregister.com/2026/02/04/cloud_hosted_openclaw/
- "China’s Tencent Cloud was an early mover, last week delivering a one-click install tool for its Lighthouse service – an offering that allows users to deploy a small server and install an app or environment and run it for a few dollars a month."
- "DigitalOcean delivered a similar set of instructions a couple of days later, and aimed them at its Droplets IaaS offering."
- "Alibaba Cloud launched its offering today and made it available in 19 regions, starting at $4/month, and using its simple application server – its equivalent of Lighthouse or Droplets. Interestingly, the Chinese giant says it will soon offer OpenClaw on its Elastic Compute Service – its full-fat IaaS equivalent to AWS EC2 – and on its Elastic Desktop Service, suggesting the chance to rent a cloudy PC to run an AI assistant."
The CLAWDBOT/MOLTBOT Nightmare. The biggest risk to your privacy.
https://www.linkedin.com/pulse/clawdbotmoltbot-nightmare-biggest-risk-your-privacy-chris-duffy-caio-tfi6e/
- "Running AI agents without proper governance, isolation, and monitoring isn't innovation. It's negligence waiting to become a breach."
- "The businesses that win with AI won't be the ones who move fastest. They'll be the ones who build the internal capability to deploy safely."
Heather Adkins VP of Security at Google also took to X to voice her concern:
https://x.com/argvee/status/2015928303098712173
- "My threat model is not your threat model, but it should be, don't run Clawdbot"
https://www.linkedin.com/posts/makucharski_ai-cybersecurity-tdd-activity-7421820578786852865-aSPo
- "We've had the fix for SQL Injection since the early 2000s. 26 years later, it's still causing breaches. Now NCSC is warning about a vulnerability with no fix. And this week, it showed up on your employees' laptops - over 1,000 ClawdBot personal AI assistants found exposed, leaking corporate credentials in plaintext."
- "Exploiting Clawdbot via Backdoors"
- "Clawdbot is of course all the rage, showing an always-on personal AI assistant (PAI) with robust capabilities and potential."
- "Those of us in the security community are looking at it from the security angle."
- "One of the most interesting analysis I've found is from Jamieson O'Reilly."
- "He's published a two part series, in the first demonstrating the widespread publicly exposed deployments of Clawdbot and how it can be used to enumerate filesystems, data and more."
- hacking clawdbot and eating lobster souls
- https://x.com/theonejvo/status/2015401219746128322
- and,
- eating lobster souls Part II: the supply chain (aka - backdooring the #1 downloaded clawdhub skill)
- https://x.com/theonejvo/status/2015892980851474595
- "In his new piece today, he demonstrates how he creates a backdoored ClawdHub skill, demonstrating software supply chain attacks via 'skills'."
- "For those unfamiliar, ClawdHub, it's a package registry where developers share and download 'skills' to extend what Clawdbot can do, riding the wave of skills that continue to grow with the Clawdbot is of course all the rage, showing an always-on personal AI assistant (PAI) with robust capabilities and potential."
- "Those of us in the security community are looking at it from the security angle."
- "One of the most interesting analysis I've found is from Jamieson O'Reilly."
- "He's published a two part series, in the first demonstrating the widespread publicly exposed deployments of Clawdbot and how it can be used to enumerate filesystems, data and more.
In his new piece today, he demonstrates how he creates a backdoored ClawdHub skill, demonstrating software supply chain attacks via 'skills'." - "For those unfamiliar, ClawdHub, it's a package registry where developers share and download 'skills' to extend what Clawdbot can do, riding the wave of skills that continue to grow with the excitement around Agentic AI."
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
References:
https://github.com/openclaw/openclaw
"Your own personal AI assistant. Any OS. Any Platform. The lobster way."
https://openclaw.ai/
"OpenClaw is a personal AI assistant you run on your own devices. It answers you on the channels you already use (WhatsApp, Telegram, Slack, Discord, Google Chat, Signal, iMessage, Microsoft Teams, WebChat), plus extension channels like BlueBubbles, Matrix, Zalo, and Zalo Personal. It can speak and listen on macOS/iOS/Android, and can render a live Canvas you control. The Gateway is just the control plane — the product is the assistant."
