OpenClaw security risks are raising serious concerns about the safety of AI-native assistants, as recent analysis shows critical vulnerabilities across its ecosystem. A study by Snyk found that 283 out of 3,984 skills on the ClawHub marketplace, about 7.1%, contain flaws that expose sensitive credentials in plaintext through context windows and logs.
Increasingly, the rise of OpenClaw reflects a shift toward AI agents that interact with emails, messaging platforms, and enterprise systems. However, while this enables automation, it also expands the attack surface and introduces risks such as prompt injection. In particular, researchers warn that OpenClaw combines access to private data, exposure to untrusted content, and external communication capabilities. As a result, integrations with tools like Slack and Gmail can enable silent data exfiltration and expose sensitive workflows.
Additionally, authentication and token management increase risk, as OpenClaw stores OAuth tokens and API credentials locally. As a result, weak authentication or misconfigurations can allow attackers to impersonate users and escalate access. Meanwhile, the memory architecture introduces another vulnerability, since OpenClaw stores memory as editable files. Consequently, compromised agents can rewrite their memory and persist malicious instructions across workflows without detection.
Large-scale exposure has already been observed. Security scans identified tens of thousands of publicly accessible OpenClathe instances, highlighting the widespread deployment of this software over a short period, which indicates a lack of adequate safeguards.
While OpenClaw has introduced measures such as skill scanning partnerships, experts emphasize that securing AI agents requires strict controls. Recommendations include containerized environments, restricted access, token management, and least-privilege permissions.
As AI agents become more capable, organizations must treat them as high-risk systems. Without strong governance and security design, these tools can introduce systemic vulnerabilities across enterprise environments.
重要なポイント:
- OpenClaw security risks expose credentials through vulnerable marketplace skills.
- Prompt injection remains a fundamental and unavoidable threat in AI systems.
- Integrations and stored tokens increase the risk of account compromise.
- Editable memory structures enable persistent and stealthy attacks.
- Thousands of exposed instances highlight weak deployment security practices.
ソース:
https://composio.dev/content/openclaw-security-and-vulnerabilities
