Active exploitable vulnerabilities & trojanized skills
Key Questions
What is the CVE-2026-34425 vulnerability in OpenClaw?
CVE-2026-34425 is a script validation bypass in Topsec/ OpenClaw that allows attackers to execute malicious instructions leading to remote code execution (RCE). Attackers craft complex malicious scripts to evade security checks and run prohibited commands. Users should update their systems to the latest version to mitigate this risk.
What vulnerabilities did 360 discover in OpenClaw?
360's vulnerability research agent found three high-value issues in OpenClaw, including WebSocket RCE, media prompt injection, privilege escalation RCEs, and Discord debug exploits. These have been fixed in recent updates. The discoveries highlight risks in media handling and communication protocols.
What are .skill memes like colleague.skill?
Projects like colleague.skill (6.6k stars) and SKILL.md injections represent a trend of distilling colleagues or concepts into OpenClaw skills, turning them into persistent AI workers via GitHub repositories. These memes showcase creative but potentially risky skill customization. Examples include former colleagues or bosses as eternal 'cow horses' for tasks like bug writing.
How do malicious SKILL.md files pose risks?
Malicious SKILL.md files enable instruction injections that leak configs, keys, ports, or load bad plugins, with ClawHub reporting 1120+ mals and 13k+ defective lists. CertiK warns of over 100 CVEs leading to crypto drains via trojanized skills. Developers should verify skills from trusted sources before installation.
What is the ReAct loop in OpenClaw?
ReAct loops in OpenClaw enable continuous thinking and action cycles, as detailed in architecture deep dives and Gemma 4 reproductions. This mechanism powers agentic behavior from Gateway to Skill layers. Source code analysis shows how it handles tool calls and execution.
How can developers create custom OpenClaw skills?
Custom skills follow SKILL.md norms, directory structures, and Python-based development, with guides for querying rates or Discord bots. Debugging uses DEBUG=openclaw:* logs and openclawdoctor. Resources include full-stack tutorials from architecture to publishing.
What risks do OpenClaw-style AI agents face according to CertiK?
CertiK flags attacks where malicious skills in OpenClaw-like agents drain crypto wallets via injected code. Over 100 CVEs exploit skill ecosystems for token theft. Users must audit skills and limit permissions to prevent such drains.
What new features are in OpenClaw v4.2?
v4.2 includes update signals, architecture deep dives, and enhanced skill handling amid rising vulnerabilities. It addresses issues like instruction injections and RCEs. Deployment guides emphasize secure configs and AV integration.
Topsec high-risk/CVE-2026-34425 script validation bypass (mal instr→RCE); 360 WebSocket/media/priv-esc RCEs + MEDIA prompt inj/Discord debug; .skill memes (colleague.skill 6.6k stars/SKILL.md injections); new instr inj demos (configs/keys/port leaks/mal plugins 336/10.8%); CVEs (28466/25253/34425/24763/etc.); CertiK 100+ CVEs/crypto-drains/mal SKILL.md; ClawHub 1120+ mals/13k+ defective lists; custom skill dev guides (SKILL.md/2ndSelf OSS); ReAct loops/Gemma 4 repros; v4.2 update signals/arch deep dives.