Skills
OpenClaw ClawBleed Crisis Deepens: CVE-2026-25253 CVSS 8.8 Actively Exploited, 135K Instances Exposed, 824 Malicious Skills in ClawHub Marketplace
The OpenClaw security crisis has escalated to 137 security advisories between February and April 2026, with 135,000+ instances exposed across 82 countries. ClawBleed (CVE-2026-25253, CVSS 8.8) enables one-click RCE via WebSocket origin validation bypass — visiting a single malicious webpage triggers full system compromise. The ClawHavoc supply chain attack has confirmed 824+ malicious skills in the official ClawHub marketplace (up from 341 initially reported). Qualys ETM published a detailed case study on April 13 showing how an unauthorized OpenClaw agent was detected disguised as a routine package on a Windows Server, correlating endpoint, exposure, and identity telemetry.
Source
↳ Follow the thread