Skills
OpenClaw 9 CVEs in 4 Days: Memory Poisoning via SOUL.md Enables Time-Shifted Prompt Injection and Logic-Bomb Attacks on AI Agents
Between March 18-21, nine CVEs were publicly disclosed for OpenClaw (210K+ GitHub stars), including a novel attack class: time-shifted prompt injection via persistent memory files. Because OpenClaw stores context in SOUL.md and MEMORY.md, malicious payloads can be fragmented across sessions — injected on one day and detonated when agent state aligns on another. Security researchers at Reco.ai analyzed 30,000+ OpenClaw skills and found over 25% contained at least one vulnerability, creating a massive supply chain risk for the 210K+ developers using the framework.
Source
↳ Follow the thread