Meet the Top 101 in Crypto

CertiK Security Report Uncovers Vulnerabilities in OpenClaw AI Agent

Last Updated 11 June 2026
Jay Leonard
Authors

CertiK Security Report Uncovers Vulnerabilities in OpenClaw AI Agent

OpenClaw is an innovative, open-source Artificial Intelligence (AI) agent that has been taking the industry by storm. The tool runs locally on the user’s computer, can be accessed via chat apps like WhatsApp, and handles actions such as answering emails and data entry.

While powerful, OpenClaw is relatively new, launching in November 2025 and rapidly gaining hundreds of thousands of users. However, users grant the tool access to the files on their computers and connect it to sensitive platforms, such as personal email accounts or business websites, which raises security concerns.

CertiK, the largest blockchain security auditor, recently unveiled the findings of its deep dive into OpenClaw’s architecture and core components. The report showcases multiple vulnerabilities that could directly impact users. By bringing these issues to light, CertiK is giving OpenClaw the opportunity to patch them now, before a bad actor exploits them.

What Does the Report Encompass?

The CertiK report takes a detailed look at OpenClaw’s workflow, alongside its internal modules, supply-chain inputs, and external dependencies to identify security vulnerabilities and potential attack channels. It considers typical attack methods, underlying threat patterns, and more.

It’s essential to note that CertiK has based its report on data available before March 16, 2026. Recent updates could introduce new vulnerabilities or patch the existing exploits.

The Key Findings

During its security analysis, CertiK identified several vulnerabilities that could affect regular users and businesses integrating OpenClaw into their operations. 

  • Massive Security Debt: OpenClaw initially assumed it would run locally on a trusted device, but the complexities of real-world development have led to it accumulating over 280 GitHub Security Advisories and 15+ Common Vulnerabilities and Exposures (CVEs).
  • Malicious ClawHub Skills: CertiK found hundreds of malicious skills, fake installers, and lookalike Node Package Manager (NPM) on OpenClaw’s ClawHub platform. They use natural language to influence behavior, making them resistant to traditional antivirus scans.
  • Deployment Risks: Misconfigured AI agents are easily exploited, even without code vulnerabilities. CertiK found over 135,000 internet-exposed OpenClaw instances across 82 countries, indicating that deployment issues are common.
  • Prompt Injection: Bad actors can inject a malicious prompt into an AI agent. Because there are multiple attack techniques, it’s difficult to combat prompt injection. Users must set up secure environments, implement system-level defenses, and control tool access.
  • Exposed Information: OpenClaw exposes local credentials, session histories, and agent memories due to disclosed vulnerabilities centered around inconsistent boundary checks.

CertiK identified additional vulnerabilities, but those listed above are the most severe. They’re particularly significant given the scale of OpenClaw’s deployment. Given the tool’s rapid growth, OpenClaw will need to evaluate and fix these vulnerabilities sooner rather than later.

How The Report Could Impact OpenClaw Moving Forward

OpenClaw is rapidly growing in popularity and scope. Users are continually developing new use cases and integrating OpenClaw into new systems, making it challenging for non-technical users to identify and understand security risks. 

CertiK’s report is extremely beneficial to OpenClaw. It will enable the AI agent company to evaluate risks and issue fixes for those it deems significant, which could help prevent severe, larger-scale attacks down the line that could affect a larger number of users.

Already a trusted name in cryptocurrency, CertiK’s report will help to solidify its position as a security auditor in the broader tech space. While CertiK’s report is well-founded and relatively detailed, we’ll have to wait and see OpenClaw’s response and how quickly it acts.

Disclaimer:

We occasionally work with brands we trust to bring you deeply researched content. This article was developed in collaboration with a trusted partner.

Jay Leonard

With over half a decade of experience commentating on the cryptocurrency market and even more as a trader and investor, Jay has developed a robust knowledge base that enables him to dive deep into the inner workings of crypto platforms and the broader market to deliver unique, user-focused insight.

Jay's work has spanned public relations firms, crypto projects, affiliate sites, and news outlets.

Survey Icon
Help us improve
1 of 4
Is this your first time here?
What brought you here today?
What are you most interested in?
Would you be interested in:
Thank you icon
Thank you for your feedback!
DMCA.com Protection Status