OpenClaw, a widely-used autonomous personal assistant, has been in the spotlight due to persistent security issues. Initially known as Clawdbot, and later Moltbot, the product has undergone several transformations. On February 14, 2026, Peter Steinberger, the developer behind OpenClaw, announced his decision to join OpenAI, as OpenClaw transitions into the OpenClaw Foundation with backing from OpenAI. Despite these changes, security concerns continue to plague the platform.
Security Vulnerabilities and Patches
OpenClaw has made efforts to address its security vulnerabilities. On January 25, the platform fixed CVE-2026-25157 in version 2026.1.25. Shortly thereafter, a one-click remote code execution flaw (CVE-2026-25253) was identified and addressed in version 2026.1.29. Despite these updates, Depthfirst and Snyk discovered that the patch was incomplete, leading to another fix in version 2026.1.30. This latest version also resolved additional issues, such as CVE-2026-25593 and CVE-2026-25475.
While these updates reflect a commitment to security improvement, the presence of older, vulnerable versions in use poses ongoing risks. Users running versions prior to 2026.1.30 remain exposed to various threats, underscoring the need for regular updates and vigilant security practices.
Common Misconfigurations and User Awareness
Beyond patched vulnerabilities, OpenClaw suffers from common AI agent misconfigurations. Many users may not be aware of these potential security gaps or lack the technical skills to mitigate them. In a January LinkedIn article, security expert Jamieson O’Reilly highlighted these issues, emphasizing the importance of awareness and proper configuration to ensure security.
The widespread use of outdated versions and misconfigurations suggests a gap in user knowledge and the adoption of security best practices. Ensuring users are informed and equipped to secure their systems remains a critical challenge.
Introducing SecureClaw: A New Security Tool
In response to these challenges, Alex Polyakov, founder and CTO of Adversa AI, introduced SecureClaw, an open-source tool designed to enhance OpenClaw’s security. Available on GitHub, SecureClaw conducts comprehensive audits and hardening checks, addressing a wide range of documented threats. The tool aligns with frameworks like OWASP, MITRE ATLAS, and CoSAI, providing users with actionable insights and defenses.
While SecureClaw does not claim to solve all security issues, such as prompt injection, it offers a multi-layered defense strategy, significantly increasing security for OpenClaw deployments. This proactive approach aims to equip users with the resources necessary to safeguard their systems.
Overall, OpenClaw’s combination of utility and vulnerability necessitates ongoing dialogue and action to improve security practices. As the platform evolves, efforts like SecureClaw represent a step forward in addressing these pervasive challenges.
