Open-Source AI Agent OpenClaw Exposed: Thousands of Unprotected Gateways Threaten User Data


Recent cybersecurity research has uncovered a significant vulnerability affecting OpenClaw, an open-source artificial intelligence agent capable of interacting with users through conversational interfaces like WhatsApp and Telegram. Researchers have identified approximately 1,000 unprotected gateways to the OpenClaw system, creating potential access points for unauthorized individuals to retrieve sensitive user data. These gateways, readily available on the open internet, allow anyone to access personal information associated with OpenClaw users, raising serious privacy and security concerns.

The implications of these unprotected gateways are far-reaching. Anyone who connects through one of them can read and modify the files and content that OpenClaw itself can access. This effectively provides full read and write control over a user’s computer and any connected accounts, including email addresses, phone numbers, and other personal data. Several incidents exploiting these vulnerabilities have already been reported, highlighting the immediate risk posed by this security lapse. One white-hat hacker even managed to manipulate OpenClaw’s skills system, which allows users to add plugins for tasks like web automation and system control, pushing a skill to the top of the rankings, where it attracted a large number of downloads. While the initial skill itself was harmless, it contained a security vulnerability that could be exploited by malicious actors to cause significant harm.

OpenClaw, originally known as Clawdbot, was released in November 2025 by a developer based in London. This release followed a period of rapid advancement in AI’s ability to interact with files, beginning in late 2025. The tool’s emergence builds upon the recent popularity of similar AI agents, particularly Anthropic’s Claude Code, which allows users to interact with their computer’s file system through a command-line interface. While Claude Code garnered significant interest, some users found the non-graphical interface challenging.

In response to user feedback, Anthropic developed Claude Work, a user-friendly interface built on top of Claude Code. However, Claude Work is a third-party product, developed independently of Anthropic, and has not achieved the same level of widespread adoption as its parent tool. OpenClaw, developed by the same individual as Claude Code, aims to replicate the core functionality of Claude Code but with enhanced features and proactive task execution capabilities.

The proactive nature of OpenClaw is a key differentiator. Unlike other AI systems that require explicit prompts, OpenClaw can autonomously perform tasks without user intervention. This capability has generated considerable excitement within the tech community, leading to a surge in Mac Mini sales, as these devices are a popular platform for hosting the agent. OpenClaw has also gained significant traction on platforms like X and Reddit, dominating discussions in certain corners of these online communities.

The developer behind OpenClaw has recently rebranded the tool from Moltbot to OpenClaw, following a request from Anthropic. This rebranding suggests a growing awareness of the potential security risks associated with the tool and a desire to distance it from the vulnerabilities that have been exposed. However, the existence of thousands of unprotected gateways remains a serious concern, posing a significant threat to the security and privacy of OpenClaw users.

The discovery of these unprotected gateways underscores the importance of robust security practices in the development and deployment of AI agents. It highlights the need for thorough security testing and vulnerability assessments to prevent unauthorized access to user data. As AI technology continues to advance, ensuring the security and privacy of these systems will be crucial to fostering public trust and realizing the full potential of AI. The incident serves as a cautionary tale, emphasizing the potential consequences of neglecting security considerations in the development of powerful AI tools.

Source:

Hunting OpenClaw Exposures: CVE-2026-25253 in Internet-Facing AI Agent Gateways | Sor.bz URL & Link Shortener