Active exploitable vulnerabilities & trojanized skills
Key Questions
What is the self-attack vulnerability in OpenClaw?
The self-attack vulnerability occurs when Bash commands generated by the AI agent during automated tasks, such as creating GitHub Issues, are susceptible to command injection, leading to unintended leakage of sensitive environment variables. It stems from errors in how shell instructions are constructed within the OpenClaw framework.
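The construction error described above, as an added Python illustration (not code from OpenClaw or from the advisory): the vulnerable pattern interpolates agent-generated text into a shell string, while the hardened form passes it as one argv element with no shell. The gh issue create invocation, the sample title and the body are assumed placeholders.

```python
import shlex
import subprocess
import sys

# Constructed sample input: an agent-generated issue title carrying a
# command-substitution sequence, and a body with legitimate markdown backticks.
AGENT_TITLE = "Build failing on main $(env)"
AGENT_BODY = "See `make test` output; fails since yesterday."

# Characters a shell would interpret if model-generated text reached it unquoted.
SHELL_META = set("$`;|&<>(){}\n")


def build_unsafe_command(title: str, body: str) -> str:
    """Vulnerable pattern: agent text interpolated into a shell string.
    Under `bash -c`, $(env) in the title would expand and dump the
    environment into the issue. Returned for inspection only, never run."""
    return f'gh issue create --title "{title}" --body "{body}"'


def build_safe_argv(title: str, body: str) -> list[str]:
    """Hardened form: an argv list run with shell=False, so the title is a
    single literal argument and no expansion or substitution can occur."""
    return ["gh", "issue", "create", "--title", title, "--body", body]


def build_quoted_command(title: str, body: str) -> str:
    """Fallback when a shell string is unavoidable: shlex.quote each field."""
    return "gh issue create --title {} --body {}".format(
        shlex.quote(title), shlex.quote(body))


def flags_shell_metachars(text: str) -> bool:
    """Detection aid for logging/alerting on suspicious agent output.
    Not a substitute for argv passing: issue bodies legitimately contain
    backticks, so filtering alone would break normal use."""
    return any(ch in SHELL_META for ch in text)


def run_argv(argv: list[str]) -> str:
    """Execute an argv list without a shell and return its stdout."""
    return subprocess.run(argv, shell=False, capture_output=True,
                          text=True, check=True).stdout


def demo_literal_passing(title: str) -> str:
    """Stand-in for gh: a child Python process echoes back exactly the argument
    it received, showing the $(env) text arrives unexpanded when passed as argv."""
    return run_argv([sys.executable, "-c",
                     "import sys; print(sys.argv[1], end='')", title])
```

Run demo_literal_passing(AGENT_TITLE) to confirm the substitution sequence is delivered as plain text; build_unsafe_command(AGENT_TITLE, AGENT_BODY) shows the string that would have been handed to a shell.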
How can users screen malicious plugins in ClawHub?
Users can screen out the 341 malicious ClawHub plugins by auditing plugin source code and prioritizing official skills maintained by the OpenClaw core team. Plugins without a GitHub source repository should be skipped, since they cannot be audited. Official built-in skills deserve the highest security priority because their code is fully open source and verifiable.
What are Claw Chain vulnerabilities in OpenClaw?
Claw Chain vulnerabilities include CVE-2026-44112 (a TOCTOU flaw) and CVE-2026-44115, which attackers can chain to compromise OpenClaw deployments. These issues threaten the framework's security when combined with other attack vectors. Security researchers have identified four such vulnerabilities in total within the open source framework.
How does indirect prompt injection work via GitHub in OpenClaw?
Indirect prompt injection allows attackers to target OpenClaw without directly breaching the Gateway WebSocket port. Instead, they embed malicious instructions in popular GitHub repositories that the agent may interact with during routine operations. This can cause the agent to gradually adopt harmful behaviors, turning temporary requests or contextual preferences into long-term defaults.
What exploitable vulnerabilities are targeted by Claude scripts in this highlight?
Claude scripts target active issues such as CVE-2025-55182, along with the 360 WebSocket 0-day and the DeepSeek-Claw/NemoClaw proof-of-concepts. These enable automated attack pipelines that scan for and exploit vulnerabilities across numerous targets. The scripts demonstrate how AI can orchestrate large-scale scanning and intrusion attempts.
Claude scripts for CVE-2025-55182; the 360 WebSocket 0-day and the DeepSeek-Claw/NemoClaw PoCs. Indirect prompt injection via GitHub; Claw Chain CVEs (CVE-2026-44112, TOCTOU; CVE-2026-44115). New: practical screening of the 341 malicious ClawHub plugins via source audit and official skills. Self-attack command injection via AI-generated Bash leaking environment variables. Non-malicious daily chat case study on Agent 'blackening' and behavior security boundaries.