OpenClaw Security Blog

OpenClaw skills face threats including prompt injection, credential harvesting, ClawHavoc malware campaigns (539 skills flagged), data exfiltration, supply chain CVE vulnerabilities, ReDoS attacks, and SOUL.md/MEMORY.md poisoning. ClawSecure's analysis of 2,890+ skills found that 41% contain substantive security vulnerabilities and 30.6% have HIGH or CRITICAL findings.

ClawHavoc is the largest known malicious skill campaign targeting the OpenClaw ecosystem. It involves command-and-control callbacks to malicious infrastructure including C2 servers, glot.io payloads, and webhook.site data exfiltration endpoints. ClawSecure has flagged 539 skills (18.7% of those audited) with ClawHavoc indicators. Read our full analysis: ClawHavoc Explained.

OpenClaw security threats are actively evolving. ClawSecure's Watchtower monitoring system has detected 661 code changes across tracked skills, with 35 detected within the first 24 hours of monitoring. New vulnerabilities like CVE-2026-25253 continue to emerge, affecting core OpenClaw functionality.

ClawSecure's security blog covers OpenClaw security research, threat analysis, OWASP ASI Top 10 mapping, and practical security guides. Our flagship report analyzing 2,890+ skills is the most comprehensive public security analysis of the OpenClaw ecosystem. You can also scan any skill for free at clawsecure.ai or browse pre-audited skills in our security registry.