ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket
Summary
OpenClaw has patched a critical security flaw that allowed malicious websites to hijack local AI agents. The vulnerability resided in the core OpenClaw gateway, enabling unauthorized control over AI agents running on a user's machine.
IFF Assessment
FOE
This vulnerability is bad news for defenders as it allows attackers to gain control over AI agents running on a user's local machine.
Severity
8.8
High
(AI Estimated)
Defender Context
Defenders should be aware of vulnerabilities in AI agent software that can be exploited through web interfaces. Prompt patching of such software and user education on the risks of visiting untrusted websites are crucial to prevent such attacks.