ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket
OpenClaw has patched a vulnerability, dubbed ClawJacked, that allowed a malicious website to hijack a local OpenClaw AI agent over a WebSocket connection. The flaw gave the attacking site unauthorized control over, and the ability to manipulate, AI agents running on the user's own machine.
The project also addressed log poisoning bugs and several related CVEs, and a wave of malicious ClawHub skills is suspected of distributing malware and crypto scams. Researchers urge users to install the latest patches and to review installed skills and integrations to reduce exposure.
Industry observers warn that the combination of local agent control and phishing-like skill distribution could significantly impact enterprise and consumer environments until defenses are fully deployed.