Contexte
These sources describe OpenClaw, an open-source autonomous AI assistant designed to execute complex workflows across messaging platforms like WhatsApp, Slack, and Discord. Originally created by Peter Steinberger, the project achieved massive viral popularity in early 2026, leading to its transition toward an open-source foundation under OpenAI. Technically, the system is distinguished by its transparent memory architecture, which utilizes human-editable Markdown files and vector databases to store long-term information. While praised for its automation capabilities in fields like ESG data collection, researchers have raised serious alarms regarding critical security vulnerabilities. Specifically, the “ClawHub” marketplace was found to host hundreds of malicious skills capable of delivering malware and exfiltrating sensitive data. Users are also cautioned about extreme token consumption costs and the risks associated with granting the AI deep system permissions.
Chapitres
0:00— Introduction OpenClaw1:08— Danger du pouvoir total2:15— Chaîne d’approvisionnement empoisonnée3:20— Agent retourné contre utilisateur4:40— Solutions de protection
Sources
- A frightening OpenClaw vulnerability has been discovered | Mashable
- Anthropic Ends OpenClaw Access: It’s Not Just the Bill
- Anthropic’s Claude Computer use vs OpenClaw (Moltbot) Comparison
- CVE-2026-25253: 1-Click RCE in OpenClaw Through Auth Token Exfiltration
- Claw (video game) - Wikipedia
- Cloud AI Agents vs. Local AI Agents: Why the OpenClaw Explosion Proves Cloud Is the Smarter Choice
- Earn 40,000 Stars in a Frenzy: Replacing OpenClaw Is Satisfying, Get an AI Worker for Just $5
- GitHub - pjasicek/OpenClaw: Reimplementation of Captain Claw (1997) platformer · GitHub
- GitHub - slowmist/openclaw-security-practice-guide: This guide is designed for OpenClaw itself (Agent-facing), not as a traditional human-only hardening checklist. · GitHub
- How autonomous AI agents like OpenClaw are reshaping enterprise identity security
- How to Install OpenClaw Locally: A Comprehensive Technical Guide - H3sync
- Hundreds of Malicious Skills Found in OpenClaw’s ClawHub | eSecurity Planet
- Introducing OpenClaw — OpenClaw Blog
- Malicious OpenClaw Skills Used to Distribute Atomic MacOS Stealer | Trend Micro (US)
- OpenAI: Latest news and insights – Computerworld
Voir les 14 sources restantes
- OpenClaw - Wikipedia
- OpenClaw Complete Tutorial 2026: Setup, Skills, Memory, and Architecture Explained | Towards AI
- OpenClaw Evolution: 142K Stars, ESG Workflows & Critical Risks
- OpenClaw Launches Version 2026.4.9 with ‘Dreaming’ Feature for AI Agent Memory | KuCoin
- OpenClaw Open Source AI Agent Application Attack Surface and Security Risk System Analysis - NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.
- OpenClaw Prompt Attacks and How to Protect Your AI Applications - Alibaba Cloud Community
- OpenClaw Security Guide 2026 | Contabo Blog
- OpenClaw Version 2026.4.7 Released with New Features | Phemex News
- OpenClaw Vulnerability Allowed Websites to Hijack AI Agents - SecurityWeek
- OpenClawd Releases Major Platform Update as OpenClaw Surpasses React With 250,000 GitHub Stars
- Openclaw Release Notes - April 2026 Latest Updates - Releasebot
- Overnight Change, Anthropic Officially Bans OpenClaw! Global Developers Collapse in 24 Hours | ME News on Binance Square
- Releases · openclaw/openclaw
- Snyk Finds Prompt Injection in 36%, 1467 Malicious Payloads in a ToxicSkills Study of Agent Skills Supply Chain Compromise | Snyk