OpenClaw default-config fragility & official advisories
Key Questions
How many OpenClaw deployments and instances are affected by default configuration vulnerabilities?
Over 1 million deployments and 580,000 instances have been identified, with 63% found vulnerable. This exposure stems primarily from default or improper configurations that blur trust boundaries.
Which organizations have issued advisories on OpenClaw security risks?
CNCERT, AWS, and QiAnXin have released official advisories highlighting risks such as instruction induction and potential malicious takeover. These warnings emphasize multi-tenant exposures and the need for proper RBAC controls.
What security impact does version 2026.5.12-beta.6 have on OpenClaw?
The beta version expands the attack surface through new gateway and IM breakdowns. It increases potential exposures when combined with the 25 Tools and 53 Skills capabilities.
What does the 25 Tools and 53 Skills guide recommend for safe usage?
Advanced Layer 2 tools like browser control and automation should only be enabled as needed, as they enlarge the attack surface. The guide stresses configuring RBAC and maintaining API key hygiene to mitigate risks.
Where does OpenClaw read its configuration from by default?
OpenClaw reads an optional JSON5 configuration from the path specified in $OPENCLAW_CONFIG_PATH, defaulting to ~/.openclaw/openclaw.json. Proper configuration is essential to address trust boundary issues noted in official advisories.
1M+ deploys/580k+ instances (63% vuln); v2026.5.12-beta.6 expands surfaces; CNCERT/AWS/QiAnXin advisories. New gateway/IM breakdowns and 25 Tools/53 Skills guide highlight multi-tenant exposures and RBAC needs. API key hygiene emphasized.