OpenClaw Security Crises & Mitigations

Home Explore Pricing Blog Docs New Tracker

Get the App

OpenClaw Release Radar

CVE-2026-25253 token leak (CVSS 8.8) and ClawHavoc (20% malware/800 malicious skills) atop prior CVEs; prompt injection/creds risks in 135k installs. New tools/guides: Enkrypt ClawPatrol (gateway/skill scans), NanoClaw-Vercel approvals, Tailscale/openclaw doctor/verbose logs; mitigations advance (v4.10+/ClawKeeper/Watchtower/Claw Lens/ClawSecure/zero-trust/Docker).

Sources (6)

Updated Apr 20, 2026

OpenClaw Release Radar

Your OpenClaw Agent Just Leaked Its Secrets to GitHub. Here's How I ...

OpenClaw Review 2026: The AI Agent That Works, But Is It Safe?

Enkrypt AI Launches ClawPatrol: Gateway-Level AI Security for OpenClaw Agents

Should my enterprise AI agent do that? NanoClaw and Vercel launch easier agentic policy setting and approval dialogs across 15 messaging apps

Agentic AI Demands Strict Identity Security & Governance

Anatomy of an Autonomous AI Agent Risk: Qualys ETM on OpenClaw | Qualys