OpenClaw AI Agent Flaws Could Enable Prompt Injection and Data Exfiltration

China’s CNCERT warned that OpenClaw, an open-source autonomous AI agent, has weak default security and privileged system access that can be abused via prompt injection to seize endpoints or leak sensitive data. Researchers demonstrated link‑preview exfiltration and threat actors have used malicious GitHub installers to distribute Atomic and Vidar Stealer and GhostSocks, prompting restrictions and mitigation guidance. #OpenClaw #CNCERT

Keypoints

  • OpenClaw’s default security and privileged access risk allowing attackers to take control of endpoints.
  • Indirect prompt injection (IDPI/XPIA) can weaponize benign features like web summarization to exfiltrate data.
  • PromptArmor showed link‑preview attacks can automatically leak sensitive data without user clicks.
  • Malicious GitHub repositories and skills have been used to distribute Atomic, Vidar Stealer, and GhostSocks to users who install them.
  • CNCERT advises isolation, closing exposed management ports, avoiding plaintext credentials, restricting skill sources, and keeping agents updated.
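The link-preview exfiltration path in the keypoints above works because an agent fetches URLs that appear in content it has ingested (a summarized web page, an email, a chat message), so injected text can steer it toward an attacker-controlled host with data embedded in the URL. The defender's counter is to gate every outbound fetch the agent makes. The following is an added example, not OpenClaw's code or CNCERT's guidance: a small egress policy that an agent runtime would call before any link preview or URL fetch. The hook name `classify_url`, the allowlisted hostnames, and the secret-shape patterns are all constructed for illustration.

```python
"""
Egress policy for an AI agent's link-preview / URL-fetch step.

Illustrative example, not OpenClaw's own code. It assumes the agent
runtime calls classify_url() (hypothetical hook) on every URL it is about
to fetch as a side effect of content it ingested, and only fetches on
"allow". Hostnames and patterns below are constructed for the example.
"""
import math
import re
from collections import Counter
from urllib.parse import parse_qsl, urlparse

# Constructed allowlist: an agent that must fetch previews should only do so
# from hosts the operator has explicitly approved. Default-deny is the point.
ALLOWED_HOSTS = {"docs.example.com", "intranet.example.com"}

# Shapes of data that should never leave in a URL the agent did not author.
SECRET_PATTERNS = [
    re.compile(r"AKIA[0-9A-Z]{16}"),                       # AWS access key id shape
    re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),      # PEM header
    re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),                   # US SSN shape
    re.compile(r"(?i)(password|passwd|token|secret|api[_-]?key)="),
]

MAX_URL_LEN = 2048        # unusually long URLs are a common smuggling carrier
HIGH_ENTROPY_MIN_LEN = 32 # only judge entropy on values long enough to matter
HIGH_ENTROPY_BITS = 4.0   # bits/char; base64-ish blobs sit well above this


def shannon_entropy(s: str) -> float:
    """Bits per character of the string s (0.0 for empty input)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def classify_url(url: str) -> tuple[str, str]:
    """Return ("allow", "ok") or ("block", reason) for a candidate fetch."""
    if len(url) > MAX_URL_LEN:
        return ("block", "url exceeds length limit")
    p = urlparse(url)
    if p.scheme not in ("http", "https"):
        return ("block", f"scheme {p.scheme!r} not permitted")
    host = (p.hostname or "").lower()
    if host not in ALLOWED_HOSTS:
        return ("block", f"host {host!r} not in allowlist")
    # Even an allowlisted host must not receive secret-shaped data.
    carried = p.path + "?" + p.query + "#" + p.fragment
    for pat in SECRET_PATTERNS:
        if pat.search(carried):
            return ("block", f"secret-like content matches {pat.pattern!r}")
    for key, value in parse_qsl(p.query, keep_blank_values=True):
        if len(value) >= HIGH_ENTROPY_MIN_LEN and shannon_entropy(value) > HIGH_ENTROPY_BITS:
            return ("block", f"high-entropy value in parameter {key!r}")
    return ("allow", "ok")


def filter_previews(urls: list[str]) -> tuple[list[str], list[tuple[str, str]]]:
    """Split candidate preview URLs into fetchable ones and blocked (url, reason) pairs."""
    allowed, blocked = [], []
    for u in urls:
        verdict, reason = classify_url(u)
        (allowed if verdict == "allow" else blocked).append(u if verdict == "allow" else (u, reason))
    return allowed, blocked


if __name__ == "__main__":
    # Constructed candidates, as an agent might extract them from ingested text.
    candidates = [
        "https://docs.example.com/guide",
        "https://not-approved.invalid/preview?d=hello",
        "https://docs.example.com/p?token=abc123",
        "https://docs.example.com/p?blob=abcdefghijklmnopqrstuvwxyz012345",
    ]
    ok, denied = filter_previews(candidates)
    print("fetch:", ok)
    for u, why in denied:
        print("blocked:", u, "->", why)
```

The ordering matters: the allowlist is checked first so that an unapproved host is refused regardless of content, and the content checks exist for the residual case where an approved host is reachable from injected text. Blocked verdicts are worth logging with the originating document, since a burst of them is itself a signal that the agent is being steered by something it read.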

Read More: https://thehackernews.com/2026/03/openclaw-ai-agent-flaws-could-enable.html