Particle.news

OpenClaw’s Viral AI Agents Face Escalating Security Warnings as Bot Social Network Takes Off

Researchers now document real exploits, prompting maintainers to warn that only technical users should run it.

Overview

  • The open-source project, rebranded as OpenClaw, has topped 100,000 GitHub stars and millions of visits as it spreads a local, automation-capable assistant across chat apps and desktops.
  • Cisco researchers showed a third-party skill could silently exfiltrate data via a curl command and used prompt injection to bypass safeguards, highlighting high‑risk system privileges.
  • Security teams and independent researchers found internet‑exposed instances leaking API keys, bot tokens, OAuth credentials, and conversation histories due to weak or missing authentication.
  • Supply‑chain risk is rising with thousands of unvetted skills and scams, including a malicious VS Code Trojan and a fake token scheme that raised millions before collapsing.
  • Moltbook, a fast-growing forum for agents with tens of thousands of bot accounts, showcases emergent behaviors yet expands the attack surface, as maintainers stress hardening and caution that the software is not ready for general users.