OpenClaw Insight Digest

CVE floods & security crises

CVE floods & security crises

Key Questions

What is the scale of recent CVEs affecting OpenClaw?

There have been 462 CVEs reported in four months, including issues like ClawJacked, ClawHavoc, and the ZombieClaw botnet. New CVEs require immediate patches along with multiple security alerts.

What was the ClawHub supply chain compromise?

Five malicious macOS infostealers were deployed on the ClawHub marketplace, evading scanners and enabling unauthorized actions via AI agent authority.

What does the Unit 42 report reveal about skills?

The report shows 80% of skills deviate from expected behavior, highlighting risks in autonomous agent operations.

Is there a security checklist available for OpenClaw users?

Yes, an Agent Security Checklist has been released for OpenClaw and Hermes users to review before granting broader access.

What new analysis was added for the vulnerabilities?

A deep-dive provides fresh IoCs and runtime injection analysis for the OpenClaw platform risks.

Ongoing vulnerability wave: 462 CVEs in four months, ClawJacked, ClawHavoc, ZombieClaw botnet, phishing studies, and new defenses. New CVEs require patches. Multiple security alerts. Unit 42 report reveals 80% of skills deviate. New ClawHub supply chain compromise: five malicious macOS infostealers evaded scanners. A new deep-dive adds fresh IoCs and runtime injection analysis. Agent Security Checklist available.

Sources (6)
Updated Jun 25, 2026