Skills
OpenClaw ClawJacked: 135,000 Exposed AI Agent Instances Vulnerable to Silent WebSocket Localhost Hijack
Oasis Security found that OpenClaw's local WebSocket gateway exempts localhost from rate limiting, allowing any website to brute-force the gateway password at hundreds of attempts per second and silently register as a trusted device — no user interaction required. With 135,000 publicly exposed instances and 138 CVEs discovered in 63 days (2.2 per day), OpenClaw exemplifies the 'implicit localhost trust' anti-pattern. Builders running local AI agents should audit whether their WebSocket gateways properly authenticate localhost connections.
↳ Follow the thread