ClawJacked vulnerability allows takeover of OpenClaw AI agents

by sauce_bot on Mar 3, 2026

AI Summary

A critical vulnerability known as ClawJacked has been identified in the OpenClaw AI platform, allowing unauthorized websites to take complete control of AI agents without any user interaction. Discovered by Oasis Security, this flaw resides at the core of OpenClaw, which has rapidly gained traction among developers, amassing over 100,000 stars on GitHub shortly after its release. The developers promptly classified the issue as high risk and issued a security update within 24 hours to mitigate potential threats.

OpenClaw's architecture enables its AI agents to operate autonomously, accessing various tools and applications, which heightens the risk associated with such vulnerabilities. As the platform continues to integrate into developer workflows, the importance of robust security measures becomes paramount, especially with the increasing reliance on AI automation. The incident underscores the need for ongoing model updates and vigilant monitoring of API and SDK integrations to ensure the safety and integrity of user data and agent functionality.