OpenClaw Watch

CVE-2026-25253 et al. + Claw Chain + malicious skills

Key Questions

What vulnerabilities are covered under CVE-2026-25253 and related issues?

Claw Chain CVEs enable remote code execution, persistence, and sandbox escape in OpenClaw. Approximately 135k-800k public instances are exposed according to reports.

How can minor edits to SKILL.md files compromise AI agents?

UMD research demonstrates that small modifications to SKILL.md files can hijack agents with an 86% success rate via context overflow attacks. This expands the attack surface to natural language text.

What mitigation options are available for the Claw Chain vulnerabilities?

The Five-Point Plan, v2026.4.22 patches, safe mode, ClawArmor RBAC/audit controls, and local air-gapped setups are recommended. A new policy plugin also adds workspace conformance checks.

Why has Agoda decided against an OpenClaw strategy?

Agoda's CTO cited ongoing security risks as the reason for not pursuing an OpenClaw strategy at this time.

What does the paper 'Your Agent, Their Asset' reveal about OpenClaw safety?

The research provides a real-world safety analysis highlighting how OpenClaw agents can be turned into attacker assets through exploits.

How do the OpenClaw flaws allow attackers to achieve system-level compromise?

Four chainable flaws permit moving from an initial foothold to persistent system-level access by abusing agent capabilities.

What exposure statistics exist for OpenClaw instances on the public internet?

Reports indicate up to 800,000 OpenClaw instances are currently exposed, each running autonomous agents with significant privileges.

What security controls does ClawArmor provide for enterprise deployments?

ClawArmor offers pre-hardened interfaces with org RBAC, credential isolation, and network policies for scaled AI agent deployments.

Summary: Claw Chain CVEs enable RCE, persistence and sandbox escape, and 135k-800k public instances are exposed. UMD research shows that minor SKILL.md edits hijack agents (86% success via context overflow). Available mitigations are the Five-Point Plan, the v2026.4.22 patches, safe mode, ClawArmor RBAC/audit controls and local air-gapped setups. A new policy plugin adds workspace conformance checks.

Updated May 23, 2026