Recently, the AI agent ecosystem has been hit by a serious security crisis. According to the latest tests by security research institutions and developers, OpenClaw (originally Clawdbot) and the similar, Reddit-like interaction platform Moltbook have critical vulnerabilities that allow attackers to easily bypass defenses and reach core sensitive information.

Developer Lucas Valbuena tested OpenClaw with the ZeroLeaks tool and found that it scored very poorly in the security assessment: only 2 points out of 100 when tested with Gemini3Pro. In the experiment, the data extraction success rate against the platform reached 84%, and prompt injection attacks succeeded 91% of the time. In other words, system prompts, internal tool configurations, and memory files (such as SOUL.md) are almost completely exposed to the outside world.


At the same time, security researcher Jamieson O'Reilly discovered that Moltbook's entire database was openly accessible on the public internet without any protection. The leaked content included secret API keys, which would allow an attacker to impersonate prominent users such as renowned AI researcher Andrej Karpathy to post false content, stir up political controversy, or carry out cryptocurrency fraud. So far about 954 Clawdbot instances have been detected with their gateway ports fully open, most of them without authentication, affecting servers in multiple countries including China, the United States, and Germany.

Experts warn that there is currently no absolute defense against prompt injection. Developers should avoid storing sensitive data directly in configuration files; keys should instead be managed through environment variables. Exposed gateways should also be protected with security technologies such as Cloudflare Tunnel or zero-trust login.
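As an added example (not code from the article, OpenClaw or Moltbook), a small Python audit that checks an agent-gateway configuration for the two conditions described above: a gateway bound to all interfaces with no authentication token, and API keys written directly into the file instead of being referenced from environment variables. The config layout, key names and port are assumptions.

```python
import os
import re
from typing import Dict, List

# Constructed sample of the failure modes the article describes: a gateway bound to
# every interface with an empty auth token, and a provider key written into the file.
# Key names, layout and port are assumptions, not OpenClaw's real config format.
SAMPLE_CONFIG = {
    "gateway": {"bind": "0.0.0.0", "port": 8080, "auth": {"token": ""}},
    "providers": {"openai": {"api_key": "sk-constructed-example-key-0000"}},
}

# Same config with the recommendations applied: loopback bind, and secrets
# replaced by ${VAR} references that are resolved from the environment at load time.
HARDENED_CONFIG = {
    "gateway": {"bind": "127.0.0.1", "port": 8080, "auth": {"token": "${GATEWAY_TOKEN}"}},
    "providers": {"openai": {"api_key": "${OPENAI_API_KEY}"}},
}

SECRET_KEY_NAMES = re.compile(r"(api_key|secret|token|password)$", re.I)
ENV_REF = re.compile(r"^\$\{[A-Z0-9_]+\}$")


def find_inline_secrets(cfg: Dict, path: str = "") -> List[str]:
    """Dotted paths of secret-looking keys whose value is a literal, not a ${VAR} reference."""
    hits: List[str] = []
    for key, val in cfg.items():
        dotted = f"{path}.{key}" if path else key
        if isinstance(val, dict):
            hits.extend(find_inline_secrets(val, dotted))
        elif isinstance(val, str) and val and SECRET_KEY_NAMES.search(key) and not ENV_REF.match(val):
            hits.append(dotted)
    return hits


def gateway_is_exposed(cfg: Dict) -> bool:
    """True when the gateway listens on all interfaces and no auth token is configured."""
    gw = cfg.get("gateway", {})
    return gw.get("bind") in ("0.0.0.0", "::") and not gw.get("auth", {}).get("token")


def resolve_env_refs(cfg, env=os.environ):
    """Expand ${VAR} references at load time so the secret never lives in the config file."""
    if isinstance(cfg, dict):
        return {k: resolve_env_refs(v, env) for k, v in cfg.items()}
    if isinstance(cfg, str) and ENV_REF.match(cfg):
        return env.get(cfg[2:-1], "")
    return cfg
```

Run `find_inline_secrets` and `gateway_is_exposed` over a deployed config before exposing the gateway; an empty result from the first and `False` from the second is the baseline the article's advice aims for.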