Reddit
OpenClaw Security Audit Reveals 25%+ of Skills Contain Vulnerabilities, Only 17% Defense Rate Against Sandbox Escapes
Multiple security research teams have published findings on agentic AI tool security: TrinityGuard's three-tier risk taxonomy for multi-agent systems shows a 7.1% average safety pass rate; OpenClaw testing across 47 adversarial scenarios found sandbox escapes with only a 17% average defense rate (improved to 91.5% with HITL defense layer); and analysis of 30,000+ skills found over 25% contained at least one vulnerability. A separate discovery found OpenClaw's local WebSocket gateway allowed malicious websites to hijack developer AI agents without user interaction by exploiting implicit localhost trust.
Source
↳ Follow the thread