Critical Security Vulnerabilities Detected in OpenClaw and Moltbook Platforms
Security testing on the OpenClaw platform has revealed serious security vulnerabilities within the system. Additionally, it has been determined that the entire database of the Moltbook platform is accessible on the internet without protection. This situation has raised significant concerns regarding the security of user data.
Security Crisis in AI Assistants: OpenClaw and Moltbook Sound the Alarm
Critical-level security vulnerabilities have been detected in OpenClaw, a personal AI assistant that has rapidly gained popularity recently, and in the Moltbook platform it inspired. Conducted security tests and analyses have revealed that both platforms leave user data at serious risk. This development has prompted a renewed questioning of security standards in AI systems that process personal data, in particular.
OpenClaw's Security Vulnerabilities Leave the System Defenseless
OpenClaw is introduced as an AI solution that users can run on their own devices, capable of acting as an assistant on popular communication platforms such as WhatsApp, Telegram, Slack, Discord, Google Chat, Signal, iMessage, and Microsoft Teams. The project, offered as open-source on GitHub, had drawn attention with its quick installation options and multi-platform support.
However, conducted security analyses show that there are serious security weaknesses in the platform's core infrastructure. Experts warn that if these vulnerabilities are exploited by malicious actors, access could be gained to users' personal messaging data, identity credentials, and other sensitive information. Even more concerning was the project creator's admission that in some cases they did not fully review the code they wrote.
Moltbook's Database Unprotected on the Internet
The situation is more dire on the Moltbook platform, which is stated to have been developed inspired by OpenClaw. Research has revealed that Moltbook's entire database is accessible on the internet without any security measures, completely unprotected. This means that all personal information, messaging history, and other data of users utilizing the platform are at risk of being viewed, copied, and misused by third parties. The exposure of such a large dataset without basic authentication or encryption represents a severe data breach scenario.
Cybersecurity researchers emphasize that these incidents highlight a growing trend where rapid development and feature deployment in AI tools sometimes come at the cost of foundational security practices. The open-source nature of OpenClaw, while fostering community development, also requires heightened vigilance from contributors and users regarding code audits. The industry is now calling for more rigorous security protocols and penetration testing to be integrated into the development lifecycle of AI-powered applications, especially those handling sensitive communications.
