www.darkreading.com 2/6/2026, 4:20:51 PM · via preferred

OpenClaw's Gregarious Insecurities Make Safe Usage Difficult

OpenClaw, the open source agentic AI assistant available from GitHub, continues to attract attention while raising ongoing security concerns. Security researchers note that it was released with usability placed ahead of secure design, and that its default settings and documentation do not adequately emphasise security for average users deploying it on home servers or low-cost VPSs.

The system’s HEARTBEAT mechanism, which runs every 30 minutes, can be tainted when OpenClaw processes untrusted input such as web pages, illustrating how prompt injections can lead to easy takeover of a user’s instance, with data exposed through its external communications. Experts warn that the extensible skills registry allows third parties to hide malicious functionality, and Gen researchers estimate roughly 15% of the skills they've observed contain malicious instructions.

Analysts also highlight that OpenClaw can modify critical configuration settings without human confirmation, complicating removal and increasing the risk of persistent data left behind after uninstall. As HiddenLayer’s Kasimir Schulz notes, stronger guardrails and better system design will be needed as agentic AI evolves.

Article by CyberSIXT