• Home
  • cyber
  • OpenClaw: Cyber Security News ®’s Post
cyber Vulnerability

OpenClaw: Cyber Security News ®’s Post

Mar 1, 2026 2 min read
OpenClaw: Cyber Security News ®’s Post

OpenClaw Zero-Click Vulnerability Exposes Developer AI Agents to Remote Hijacking

A newly identified zero-click vulnerability in OpenClaw, a local WebSocket-based AI agent framework, allows attackers to compromise developer systems with minimal interaction. The attack exploits a malicious PowerShell script that executes when a developer visits a compromised or malicious website, requiring no further user action.

Once triggered, the script performs a multi-stage attack:

  • Execution & Persistence: The PowerShell script modifies files and establishes a WebSocket gateway on localhost, acting as a command-and-control (C2) hub.
  • Privilege Escalation: The malware bypasses User Account Control (UAC) via CoGetObjectContext and gains SYSTEM-level access by exploiting the Kernel Security Device Driver.
  • Defense Evasion: It removes traces of compromise using commands like winget uninstall and deploys a rootkit to maintain persistence under \DosDevices\c:.
  • Credential Theft & Surveillance: The agent logs keystrokes and intercepts data, while connected nodes (macOS, iOS, or other machines) expose system commands, file access, and contact data.

With an authenticated session, attackers can:

  • Search Slack history for API keys.
  • Read private messages.
  • Exfiltrate files from linked devices.
  • Execute arbitrary shell commands.

The vulnerability highlights risks in AI agent frameworks, where a single web visit can grant full control to threat actors. Security researchers have flagged the tradecraft and TTPs (Tactics, Techniques, and Procedures) associated with OpenClaw, emphasizing its potential for widespread exploitation in developer environments.

Source: https://www.linkedin.com/feed/update/urn:li:activity:7433737906176966656

OpenClaw cybersecurity rating report: https://www.rankiteo.com/company/aiopenclaw

"id": "AIO1772346229",
"linkid": "aiopenclaw",
"type": "Vulnerability",
"date": "3/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Technology/Software Development',
                        'name': 'OpenClaw Users',
                        'type': 'Developers'}],
 'attack_vector': 'Malicious website visit',
 'data_breach': {'data_exfiltration': 'Yes',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['API keys',
                                              'Private messages',
                                              'Files',
                                              'System commands',
                                              'Contact data']},
 'description': 'A newly identified zero-click vulnerability in OpenClaw, a '
                'local WebSocket-based AI agent framework, allows attackers to '
                'compromise developer systems with minimal interaction. The '
                'attack exploits a malicious PowerShell script that executes '
                'when a developer visits a compromised or malicious website, '
                'requiring no further user action. Once triggered, the script '
                'performs a multi-stage attack including execution, '
                'persistence, privilege escalation, defense evasion, '
                'credential theft, and surveillance. Attackers can search '
                'Slack history for API keys, read private messages, exfiltrate '
                'files, and execute arbitrary shell commands.',
 'impact': {'data_compromised': 'API keys, private messages, files, system '
                                'commands, contact data',
            'identity_theft_risk': 'High',
            'operational_impact': 'Full system control, arbitrary command '
                                  'execution, surveillance',
            'systems_affected': 'Developer systems running OpenClaw, linked '
                                'macOS/iOS devices'},
 'initial_access_broker': {'backdoors_established': 'WebSocket gateway on '
                                                    'localhost',
                           'entry_point': 'Malicious website visit',
                           'high_value_targets': 'Slack history, private '
                                                 'messages, linked devices'},
 'lessons_learned': 'Highlights risks in AI agent frameworks where a single '
                    'web visit can grant full control to threat actors.',
 'post_incident_analysis': {'root_causes': 'Zero-click vulnerability in '
                                           'OpenClaw framework, UAC bypass, '
                                           'kernel driver exploitation'},
 'references': [{'source': 'Security Research Reports'}],
 'title': 'OpenClaw Zero-Click Vulnerability Exposes Developer AI Agents to '
          'Remote Hijacking',
 'type': 'Zero-Click Exploit',
 'vulnerability_exploited': 'OpenClaw WebSocket-based AI agent framework '
                            'vulnerability'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.