Critical Security Vulnerabilities Detected in OpenClaw and Moltbook

Security tests on the OpenClaw platform revealed serious security vulnerabilities, and the entire database of the Moltbook platform was found unprotected on the internet.

Alarming Security Test Results on the OpenClaw Platform

OpenClaw, previously called Clawdbot, showed critical-level security vulnerabilities in security testing. Developer Lucas Valbuena tested the platform with the ZeroLeaks security analysis tool, and it scored only 2 out of 100, an extremely low security result.

Analysis conducted using the Gemini 3 Pro model determined that the system was 84% susceptible to information leakage and 91% vulnerable to injection attacks. It was found that system prompts, tool configurations, and memory files were accessible with minimal effort.

Moltbook Database Found Unprotected

Investigations by security researcher Jamieson O'Reilly revealed that the entire database of Moltbook, a Reddit-like platform where AI agents interact with each other, was exposed on the public network without any protection. The exposed data also included secret API keys that allow attackers to post on behalf of any agent on the platform.

Researchers state that high-profile users are at risk, in particular AI researcher Andrej Karpathy, who has 1.9 million followers. The exposed keys could be used to publish fake statements about AI security, crypto scam content, or provocative political messages in these users' names.

Prompt Injection Problem Continues

The fundamental issue emerging in both cases is that prompt injections continue to be a significant security vulnerability in the growing AI agent ecosystem. Experts state that there is currently no reliable defense mechanism against this problem.

A simple scan by X user fmdz detected 954 Clawdbot instances with open gateway ports. Many of these instances lack any authentication mechanism. It is stated that the instances are spread across servers in the USA, China, Germany, Russia, and Finland.

Security Recommendations

Developers are advised to make the standard Clawdbot installation as secure as possible. One best practice is to manage sensitive data through environment variables and tool calls instead of storing it directly in configuration files.

Users running a non-local VPS are advised to secure their systems with cloud tunneling, reverse proxies, and other techniques used to protect public web applications. For a secure installation, Zero Trust Login with Cloudflare Tunnel or HTTPS and password protection with Nginx are recommended.
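A pre-deployment check for the two recommendations above, as an added example that is not code from OpenClaw or from the researchers cited here. The configuration layout, key names, port and sample values are hypothetical and constructed for illustration; the check flags secrets stored inline instead of as environment-variable references, and a gateway bound to a non-loopback address with no authentication.

```python
import ipaddress
import json
import re

# Constructed sample; key names are hypothetical, not the platform's real schema.
SAMPLE_CONFIG = json.loads("""
{
  "gateway": {"bind": "0.0.0.0", "port": 8080, "auth": {"mode": "none"}},
  "providers": {
    "llm": {"api_key": "sk-constructed-EXAMPLE-000000"},
    "search": {"api_key": "${SEARCH_API_KEY}"}
  }
}
""")

SECRET_NAME = re.compile(r"api[_-]?key|token|secret|password", re.I)
ENV_REF = re.compile(r"\$\{[A-Za-z_][A-Za-z0-9_]*\}")  # e.g. ${LLM_API_KEY}

def walk(node, path=""):
    """Yield (dotted_path, value) for every leaf of a nested dict/list."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk(value, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from walk(value, f"{path}[{i}]")
    else:
        yield path, node

def audit(config):
    """Return a list of (finding, location) tuples; empty means no findings."""
    findings = []
    for path, value in walk(config):
        leaf = path.rsplit(".", 1)[-1]
        inline = isinstance(value, str) and value and not ENV_REF.fullmatch(value)
        if SECRET_NAME.search(leaf) and inline:
            findings.append(("inline-secret", path))
    gateway = config.get("gateway", {})
    bind = gateway.get("bind", "127.0.0.1")  # assumption: missing means loopback
    try:
        loopback = ipaddress.ip_address(bind).is_loopback
    except ValueError:
        loopback = bind == "localhost"
    # A public bind is only acceptable behind some form of authentication.
    if not loopback and gateway.get("auth", {}).get("mode", "none") == "none":
        findings.append(("unauthenticated-public-gateway", f"gateway.bind={bind}"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

Binding the gateway to 127.0.0.1 and publishing it only through an authenticating reverse proxy or tunnel clears the second finding.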

Experts recommend that users considering working with such systems but lacking sufficient knowledge about security stay away from the platforms for now.
