Descriptions:
A cluster of serious security vulnerabilities has emerged in the OpenClaw ecosystem, and Wes Roth covers each incident in detail. The most alarming finding comes from Cisco researchers, who documented sleeper agent malware embedded in skills on Claw Hub — the community repository where OpenClaw agents acquire new capabilities. The malicious skill appeared legitimate, but its prerequisites triggered a multi-stage attack chain: an obfuscated payload was decoded and executed, a second-stage script was fetched, a binary was installed, and macOS Gatekeeper was bypassed by stripping quarantine attributes. The malware is designed to remain dormant for days, weeks, or months before activating on a trigger phrase.
Separately, security firm Wiz disclosed on February 2 that MoldBook — a social layer for OpenClaw agents — contained a vulnerability that exposed over 1.5 million API keys. Researchers also documented techniques for agents to escape their Docker containers and establish persistence on the host system. Cisco has released an open-source skill checker on GitHub, though Roth notes the difficulty of comprehensively detecting all possible attack vectors through automated scanning.
Roth explains why these risks are structurally baked into OpenClaw’s design: the framework achieves its power by running with standard guardrails disabled, which dramatically expands the attack surface for prompt injection and supply chain compromises. He describes his own experience discovering potential breaches during personal testing and outlines the precautions he now uses — low-limit prepaid API keys, credit cards with hard spending caps, and manually rotating credentials after any suspected exposure.
📺 Source: Wes Roth · Published February 07, 2026
🏷️ Format: News Analysis
