OpenClaw exposed instances and malicious skills risk

March 30, 2026 | CloudSecurityAlliance, Huntress, SecurityScorecard

CloudSecurityAlliance and others warn that OpenClaw deployments are often internet-facing and over-privileged, with many exposed instances and malicious skills in circulation. Hardening guidance focuses on reducing attack surface and mitigating prompt-injection-style abuse paths.

OpenClaw has 250,000+ GitHub stars and is the dominant open-source agentic AI platform.
It also has a growing list of CVEs, 135K exposed instances found in internet scans, and 1,467 malicious skills discovered in ClawHub.
AI agents like OpenClaw are getting installed everywhere.
And in a lot of cases, they’re being handed way more access than anyone realizes.
CloudSecurityAlliance
Huntress
SecurityScorecard
Troy Hunt
Lindsey O'Donnell Welch
Teri Radichel #cybersecurity #pentesting
Paolo Passeri (@ppasseri@infosec.exchange)
agent security, hardening, github, openclaw, open source, prompt injection, attack surface
