

I Love OpenClaw. I'm Not Installing It Yet.


by Amer Grozdanic

4 days ago


Everyone is boasting about OpenClaw (formerly Clawdbot and Moltbot)...

What is OpenClaw? 
OpenClaw is an incredibly powerful autonomous AI agent that runs on your machine instead of the internet. It allows you to connect messaging apps like WhatsApp and Slack, email agents like Gmail, calendars, browsers, file systems, and many other applications, and then it can take actions on your behalf. 

Are people (especially all of us tech bros) really thinking about the consequences of giving an AI agent so much freedom and access, with the door wide open to the World Wide Web?

This reminds me of the days of Kazaa, Limewire, and others. Everyone loved their free P2P music (except those in the music industry, whom it cost a pretty penny), but in return, P2P users’ devices were infected with adware, spyware, malware, and more. Kaspersky reported that established infostealers like RedLine, Lumma, and Vidar have already been updated to specifically target OpenClaw's file paths, hunting for API keys and credentials stored in plain text. The malware ecosystem is adapting to OpenClaw users the same way it adapted to Kazaa and Limewire users two decades ago.

OpenClaw...this is a whole new level of access.

I love the concept of OpenClaw...it is yet another engineering marvel within the AI ecosystem. But, at what cost?

A couple of weeks ago, SecurityScorecard's STRIKE Threat Intelligence Team reported that over 135K OpenClaw instances were open to the internet. This means that, potentially, every single one of those people made themselves, their family, company, client, etc., very vulnerable. It was days into the OpenClaw craze.

Are these the same people who installed and use OpenClaw that you might be sending personal information to? Confidential company numbers, memos, plans, etc.? How vulnerable are you now because of someone’s overzealousness about AI and trying to be the first pioneer on these different frontiers? How many of these instances are on company networks? 

Now we have communities who gained the power of (vibe) engineering - me included. But this same community might burn their loved ones and business relationships because they move too fast... trying to keep up with the 2020s (AI) Joneses.

My call is that we won't have a "market" crash in the late 2020s as we did in 1929...but we will have an AI crash. Not because AI is "bad" or is not the way of the future. It is. But because people misuse it and will continue to do so, and blindly trust it. How many people do you know who boast about what they are building? And they are…, and it is amazing. But how many truly understand the cost of it? 

The 2020s are roaring with AI like the 1920s did with optimism and prosperity. The 1920s were roaring because everything felt loud, fast, rich, rebellious, and unstoppable...Just like AI does today.

I get excited about AI…OpenClaw included. But I paused this weekend before I jumped headfirst into the OpenClaw excitement. OpenClaw is amazing…the possibilities are amazing, but fragile. 

Something I do not do often enough: I jumped over to the FAQs on OpenClaw, and they themselves pretty much admit that there is really no foolproof way to stay secure. Even their Terms of Service are some of the smallest/shortest I have ever seen. How small and short? Well, here you go, all ~300 words: https://www.getopenclaw.ai/terms

Now, they do have a “Trust” page that outlines approaches to security, their road map, etc. https://trust.openclaw.ai/ - give credit where credit is due, it is solid…but it is early.

Now, I know what some are thinking or even commenting…But I can throttle the exposure I allow it and only grant read-only access as needed. Sure. But how many of us are truly that good and disciplined enough to carry out a slow, disciplined rollout? Worst of all, who actually carries the expertise in security to do it right? And, not do it once, but rather, do it continuously. This is not a set-it-and-forget-it environment. 

Among the biggest vulnerabilities that can keep you exposed in OpenClaw is CVE-2026-25253 (CVSS 8.8). If someone can exploit it, they can compromise the gateway. And, there are a lot of people capable of this. It is very easy to pull off. Basically, if your local agent visits the malicious actor's website, the main authentication token is leaked. This can also be triggered by clicking a link. Once the malicious actor has the token, they can do whatever they choose. Now, this was patched, or fixed. But, how many more are there, and how many more will there be? 

OpenClaw allows anyone to build Skills, or what we would consider apps or plugins. There will be malicious actors creating malicious skills to take advantage of vulnerable people or those who do not take security seriously. SC Media reported that OpenClaw agents were already targeted with over 300 malicious skills. And it keeps climbing. 

It allows the malicious actor/hacker to run any commands on your device that they choose. 

While everyone, at least in my circle, is clawing with excitement, pun intended, the perspective has to be that we have to slow down.

OpenClaw is sponsored by OpenAI and Blacksmith. Peter Steinberger built something special, along with the help of Mario Zechner, Adam Doppelt, and hundreds of others. It will get better, but we need to slow down and let it catch up, for its own good. And catching up won’t take long in the age of AI. This may even be more accelerated given that a few days ago, Steinberger joined OpenAI, and that should expedite the development and power of OpenClaw.

What would my suggestions be? This is coming from someone who has minimal security experience, but thanks to diving deep into this…a few minimal takeaways:
1. Sandbox it on a separate machine
2. Sandbox it on a separate network
3. Use a VPS
4. Do not have any sensitive information on the device or network
5. Do not connect it to any account with any sensitive data
6. Bind it to localhost instead of the default 0.0.0.0
7. Research and audit any third-party skills before installing them
   a. Skills in OpenClaw are basically plugins/apps
8. If you are an employer, think about how you will manage and monitor this…if you do not have an MSP, it might be time to get one.
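
One way to verify takeaway 6 on a Linux host, as an added example that is not from the original post or from the OpenClaw project: the script below classifies every listening TCP socket in `ss -H -ltn` output as loopback-only or reachable from the network. The sample output is constructed, and port 12345 is a placeholder rather than OpenClaw's actual port.

```python
import ipaddress

# Constructed sample of `ss -H -ltn` output (not captured from a real host).
# Port 12345 is a placeholder for an agent gateway, not OpenClaw's real port.
SAMPLE_SS_OUTPUT = """\
LISTEN 0 4096 127.0.0.53%lo:53     0.0.0.0:*
LISTEN 0 511  0.0.0.0:12345        0.0.0.0:*
LISTEN 0 128  127.0.0.1:5432       0.0.0.0:*
LISTEN 0 128  [::]:22              [::]:*
LISTEN 0 511  [::1]:3000           [::]:*
LISTEN 0 128  *:8080               *:*
LISTEN 0 128  192.168.1.20:9000    0.0.0.0:*
"""

def split_local(field):
    """Split ss's 'Local Address:Port' column into (address, port)."""
    addr, _, port = field.rpartition(":")
    addr = addr.split("%", 1)[0].strip("[]")  # drop %iface scope, IPv6 brackets
    return addr, int(port)

def classify(addr):
    """Return how widely a bind address is reachable."""
    if addr in ("*", "0.0.0.0", "::"):
        return "all-interfaces"
    ip = ipaddress.ip_address(addr)
    return "loopback" if ip.is_loopback else "specific-address"

def audit_listeners(ss_output):
    """Return (port, address, reachability) for every LISTEN socket."""
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue
        addr, port = split_local(cols[3])
        findings.append((port, addr, classify(addr)))
    return findings

def exposed_ports(ss_output):
    """Ports reachable from beyond the machine itself."""
    return sorted(p for p, _, kind in audit_listeners(ss_output) if kind != "loopback")

if __name__ == "__main__":
    for port, addr, kind in audit_listeners(SAMPLE_SS_OUTPUT):
        flag = "ok " if kind == "loopback" else "FIX"
        print(f"{flag} port {port:<6} bound to {addr:<14} ({kind})")
```

To run it against a live machine, pass the output of `ss -H -ltn` to `audit_listeners` in place of the sample; anything not marked loopback still needs a firewall rule or a changed bind address.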
----------------------------------------------------------
Amer Grozdanic is the CEO & Co-Founder of Praella, a leading ecommerce agency focused on blending design, data, and strategy into high-performing digital experiences. Over the past six years, he has led Praella to become a Great Place to Work-Certified™ company and earn recognition from Fortune as one of Chicago’s Best Places to Work. Under his leadership, Praella has grown into a trusted Shopify Plus Partner Agency, delivering award-winning ecommerce solutions that drive measurable growth. Amer also serves in a leadership role with the International Academy of Digital Arts and Sciences and is a judge for The Webby Awards, where he helps uphold standards of excellence across the digital industry. 
