Overview
- CNCERT cautioned that OpenClaw’s default configurations and broad system privileges can let attackers seize control through techniques including indirect prompt injection.
- PromptArmor demonstrated that messaging‑app link previews can be manipulated to exfiltrate sensitive data immediately when an agent replies, without any user clicks.
- The advisory also flagged risks of irreversible data deletion from misinterpreted instructions, malicious skills uploaded to public repositories, and exploitation of recently disclosed vulnerabilities.
- Bloomberg reported that Chinese authorities are restricting OpenClaw on state‑run enterprise and government computers, with the ban said to extend to families of military personnel.
- Huntress observed threat actors pushing fake OpenClaw installers on GitHub that delivered Atomic and Vidar stealers and a GhostSocks proxy, boosted by a top Bing AI search result. Defenders were urged to isolate services, close default ports, and keep agents updated.
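
One defensive check for the link-preview issue in the PromptArmor item above, as an added example that is not code from OpenClaw, PromptArmor or the original page: an outbound filter that defangs any URL in an agent reply whose host is not on an allowlist, so the messaging app has nothing to preview. The allowlist hosts, function names and sample reply are constructed for illustration, and the filter assumes the data leaves in the URL that the preview fetcher requests.

```python
import re
from urllib.parse import urlsplit

# Assumption: hosts this deployment trusts for previews (hypothetical values).
ALLOWED_HOSTS = {"docs.example.com", "intranet.example.com"}

# Candidate URLs in free text; trailing punctuation is trimmed separately.
URL_RE = re.compile(r"https?://[^\s<>\"')\]]+", re.IGNORECASE)

# Constructed sample: a reply steered into embedding a secret in a link.
SAMPLE_REPLY = (
    "Here is the summary. Details: "
    "https://collect.attacker.example/p?d=API_KEY_sk_test_1234 and "
    "docs at https://docs.example.com/guide."
)


def defang(url):
    """Rewrite a URL so chat clients no longer recognise it as a link."""
    return url.replace("://", "[://]", 1).replace(".", "[.]")


def filter_reply(text):
    """Return (safe_text, blocked_urls) for an agent reply before posting."""
    blocked = []

    def _sub(match):
        url, trail = match.group(0), ""
        while url and url[-1] in ".,;:!?":  # sentence punctuation, not URL
            url, trail = url[:-1], url[-1] + trail
        try:
            parts = urlsplit(url)
            host = (parts.hostname or "").lower().rstrip(".")
            # Exact host match only; userinfo is refused because
            # "trusted.host@other.host" resolves to other.host.
            ok = host in ALLOWED_HOSTS and parts.username is None
        except ValueError:  # malformed authority, treat as untrusted
            ok = False
        if ok:
            return url + trail
        blocked.append(url)
        return defang(url) + trail

    return URL_RE.sub(_sub, text), blocked


if __name__ == "__main__":
    safe, blocked = filter_reply(SAMPLE_REPLY)
    print(safe)
    print("blocked:", blocked)
```

Run the filter on the final text the agent is about to post, after all tool output has been merged in, and log the blocked list for review.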