A newly disclosed vulnerability in OpenClaw, the open source AI agent that has seen meteoric adoption among developers, is now patched and underscoring the security risks of deploying AI agents without adequate controls, according to Dark Reading. The flaw allowed a malicious website to hijack a developer’s AI agent without any plug-ins or user interaction, stemming from OpenClaw’s failure to distinguish connections from trusted apps and services versus those from a malicious site.
The OpenClaw team rated the issue as high severity and released a patch less than 24 hours after Oasis Security informed them of the flaw; the fix is included in version 2026.2.25 and later, with a call to update all instances. OpenClaw, previously known as MoltBot and before that Clawdbot, runs locally on a user’s system and can be extended with community-built skills via ClawHub, which has contributed to its rapid growth and security concerns highlighted by researchers.
The investigation also notes a growing list of vulnerabilities and malicious skills in its ecosystem, including CVE-2026-25253 and several others, emphasising the need for layered defenses and continuous verification of AI agents’ behaviour.