[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"article-openclaw-135000-star-saas-security-crisis-en":3,"article-related-openclaw-135000-star-saas-security-crisis-en":30,"series-industry-08cd2ab1-2a2c-4ab6-ab51-4b16a0fed4ab":77},{"id":4,"slug":5,"title":6,"content":7,"summary":8,"source":9,"source_url":10,"author":11,"image_url":12,"cover_image":12,"category":13,"language":14,"translated_content":11,"related_article_id":15,"keywords":16,"key_takeaways":22,"views":26,"created_at":27,"published_at":28,"topic_cluster_id":29},"08cd2ab1-2a2c-4ab6-ab51-4b16a0fed4ab","openclaw-135000-star-saas-security-crisis-en","135,000-star OpenClaw hits SaaS security crisis","\u003Cp data-speakable=\"summary\">\u003Ca href=\"\u002Ftag\u002Fopenclaw\">OpenClaw\u003C\u002Fa>’s rapid adoption exposed a wave of AI-agent security failures across SaaS systems.\u003C\u002Fp>\u003Cp>OpenClaw, an open-source \u003Ca href=\"\u002Ftag\u002Fai-agent\">AI agent\u003C\u002Fa> created by Peter Steinberger, hit more than 135,000 \u003Ca href=\"\u002Ftag\u002Fgithub\">GitHub\u003C\u002Fa> stars within weeks and then became tied to a string of security incidents in early 2026. 
Reco’s February 12 analysis says the agent’s broad access to files, email, calendars, and messaging tools turned a productivity tool into a fast-moving attack surface.\u003C\u002Fp>\u003Ctable>\u003Cthead>\u003Ctr>\u003Cth>Item\u003C\u002Fth>\u003Cth>Value\u003C\u002Fth>\u003C\u002Ftr>\u003C\u002Fthead>\u003Ctbody>\u003Ctr>\u003Ctd>GitHub stars\u003C\u002Ftd>\u003Ctd>135,000+\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>Malicious skills found\u003C\u002Ftd>\u003Ctd>341\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>Total skills registry\u003C\u002Ftd>\u003Ctd>2,857\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>Exposed internet instances\u003C\u002Ftd>\u003Ctd>21,639\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>Leaked email addresses\u003C\u002Ftd>\u003Ctd>35,000\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>Leaked agent API tokens\u003C\u002Ftd>\u003Ctd>1.5 million\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>CVSS score\u003C\u002Ftd>\u003Ctd>8.8\u003C\u002Ftd>\u003C\u002Ftr>\u003C\u002Ftbody>\u003C\u002Ftable>\u003Ch2>What changed\u003C\u002Fh2>\u003Cp>OpenClaw, previously called Clawdbot and Moltbot after trademark disputes, runs locally and connects to models such as \u003Ca href=\"\u002Ftag\u002Fclaude\">Claude\u003C\u002Fa> and GPT. It can execute shell commands, read and write files, browse the web, send email, manage calendars, and keep persistent memory across sessions, which means it can retain context and access over time.\u003C\u002Fp>\n\u003Cfigure class=\"my-6\">\u003Cimg src=\"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782771534012-jg28.png\" alt=\"135,000-star OpenClaw hits SaaS security crisis\" class=\"rounded-xl w-full\" loading=\"lazy\" \u002F>\u003C\u002Ffigure>\n\u003Cp>That reach made it a target almost immediately. 
Reco says the first two weeks after OpenClaw went viral brought a cluster of incidents: malicious skills in its public marketplace, a remote code execution flaw, exposed management interfaces, and a separate breach in a related agent network called Moltbook.\u003C\u002Fp>\u003Cul>\u003Cli>Jan. 27-29, 2026: attackers pushed 335 malicious skills through ClawHub.\u003C\u002Fli>\u003Cli>Researchers later counted 341 malicious skills in a 2,857-skill registry, about 12%.\u003C\u002Fli>\u003Cli>Jan. 30: OpenClaw patched CVE-2026-25253, a one-click RCE issue.\u003C\u002Fli>\u003Cli>Jan. 31: Censys found 21,639 exposed instances online, up from about 1,000 days earlier.\u003C\u002Fli>\u003Cli>Jan. 31: Moltbook exposed 35,000 email addresses and 1.5 million agent API tokens.\u003C\u002Fli>\u003Cli>Feb. 3: OpenClaw disclosed three high-impact advisories, including two command-injection bugs.\u003C\u002Fli>\u003C\u002Ful>\u003Cp>The core technical problem was not one bug. It was the combination of marketplace trust, local exposure, and agent permissions that let a single malicious link or skill trigger code execution and data access in milliseconds.\u003C\u002Fp>\u003Ch2>Why it matters\u003C\u002Fh2>\u003Cp>For companies, the bigger risk is shadow AI with elevated access. Employees can connect personal agents to Slack, \u003Ca href=\"\u002Ftag\u002Fgoogle\">Google\u003C\u002Fa> Workspace, email, and document systems without security review, then hand over OAuth tokens and data that can be reused across sessions if the agent is compromised.\u003C\u002Fp>\n\u003Cfigure class=\"my-6\">\u003Cimg src=\"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782771460592-emba.png\" alt=\"135,000-star OpenClaw hits SaaS security crisis\" class=\"rounded-xl w-full\" loading=\"lazy\" \u002F>\u003C\u002Ffigure>\n\u003Cp>That makes standard controls less effective. 
Endpoint tools see processes, network tools see API traffic, and identity systems see grants, but none of them are built to flag autonomous agent behavior as a separate class of risk. Reco argues security teams need direct visibility into agent connections, permissions, and app-to-app activity before those links become an incident.\u003C\u002Fp>\u003Cp>The takeaway is blunt: OpenClaw is less a one-off problem than a preview of what happens when autonomous agents get broad SaaS access faster than security teams can map it.\u003C\u002Fp>","OpenClaw’s viral growth brought malicious skills, exposed instances, and leaked tokens, showing how AI agents widen SaaS risk fast.","www.reco.ai","https:\u002F\u002Fwww.reco.ai\u002Fblog\u002Fopenclaw-the-ai-agent-security-crisis-unfolding-right-now",null,"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782771534012-jg28.png","industry","en","5e307407-6df6-4673-8eef-2164076e5934",[17,18,19,20,21],"OpenClaw","AI agents","SaaS security","shadow AI","remote code execution",[23,24,25],"OpenClaw’s viral rise was followed by malicious skills, RCE, and exposed instances.","More than 21,000 deployments were publicly reachable, with leaked tokens and credentials.","Security teams need visibility into AI-agent permissions across SaaS apps.",0,"2026-06-29T22:17:16.610831+00:00","2026-06-29T22:17:16.591+00:00","d19fc184-5852-4c4d-9ec0-db0c4841ac17",{"tags":31,"relatedLang":36,"relatedPosts":40},[32,34],{"name":17,"slug":33},"openclaw",{"name":18,"slug":35},"ai-agents",{"id":15,"slug":37,"title":38,"language":39},"openclaw-135000-star-saas-security-crisis-zh","OpenClaw 13.5 萬星後爆出 SaaS 
安全危機","zh",[41,47,53,59,65,71],{"id":42,"slug":43,"title":44,"cover_image":45,"image_url":45,"created_at":46,"category":13},"96ad3567-ab75-487a-b9ac-656da06056ef","deepmind-veterans-are-leaving-london-en","DeepMind veterans are leaving London","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782777770669-33e7.png","2026-06-30T00:02:29.06378+00:00",{"id":48,"slug":49,"title":50,"cover_image":51,"image_url":51,"created_at":52,"category":13},"81fa50cf-ee8b-4b76-b017-7dfc45a2dea0","bitcoin-price-page-risk-asset-market-signal-en","Bitcoin’s price page proves the market still treats BTC like a risk a…","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782776869895-brr2.png","2026-06-29T23:47:27.031808+00:00",{"id":54,"slug":55,"title":56,"cover_image":57,"image_url":57,"created_at":58,"category":13},"5408aa94-6f8f-4f20-9629-7c5550859f3b","sora-smash-ultimate-final-dlc-pick-balanced-en","Sora in Smash Ultimate is a strong final DLC pick, not a broken one","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782775073444-djk4.png","2026-06-29T23:17:22.741007+00:00",{"id":60,"slug":61,"title":62,"cover_image":63,"image_url":63,"created_at":64,"category":13},"13701fd7-c4c2-4966-a6e7-db3646d99bd7","anthropic-ipo-965b-valuation-sec-filing-en","Anthropic IPO: $965B valuation and SEC filing","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782770565405-h3hj.png","2026-06-29T22:02:19.831993+00:00",{"id":66,"slug":67,"title":68,"cover_image":69,"image_url":69,"created_at":70,"category":13},"9f3418e2-07ff-4903-a189-6fbe97d079da","hp-openai-frontier-partnership-en","HP and OpenAI expand Frontier 
partnership","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782766963986-pbe2.png","2026-06-29T21:02:22.652434+00:00",{"id":72,"slug":73,"title":74,"cover_image":75,"image_url":75,"created_at":76,"category":13},"ca076802-bd15-44b3-8236-f1bc2ba89463","anthropic-california-public-sector-ai-deal-en","Anthropic’s California deal makes Claude the default public-sector AI","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782757079985-9z3y.png","2026-06-29T18:17:33.203469+00:00",[78,83,88,93,98,103,108,113,118,123],{"id":79,"slug":80,"title":81,"created_at":82},"d35a1bd9-e709-412e-a2df-392df1dc572a","ai-impact-2026-developments-market-en","AI's Impact in 2026: Key Developments and Market Shifts","2026-03-25T16:20:33.205823+00:00",{"id":84,"slug":85,"title":86,"created_at":87},"5ed27921-5fd6-492e-8c59-78393bf37710","trumps-ai-legislative-framework-en","Trump's AI Legislative Framework: What's Inside?","2026-03-25T16:22:20.005325+00:00",{"id":89,"slug":90,"title":91,"created_at":92},"e454a642-f03c-4794-b185-5f651aebbaca","nvidia-gtc-2026-key-highlights-innovations-en","NVIDIA GTC 2026: Key Highlights and Innovations","2026-03-25T16:22:47.882615+00:00",{"id":94,"slug":95,"title":96,"created_at":97},"0ebb5b16-774a-4922-945d-5f2ce1df5a6d","claude-usage-diversifies-learning-curves-en","Claude Usage Diversifies, Learning Curves Emerge","2026-03-25T16:25:50.770376+00:00",{"id":99,"slug":100,"title":101,"created_at":102},"69934e86-2fc5-4280-8223-7b917a48ace8","openclaw-ai-commoditization-concerns-en","OpenClaw's Rise Raises Concerns of AI Model Commoditization","2026-03-25T16:26:30.582047+00:00",{"id":104,"slug":105,"title":106,"created_at":107},"b4b2575b-2ac8-46b2-b90e-ab1d7c060797","google-gemini-ai-rollout-2026-en","Google's Gemini AI Rollout Extended to 
2026","2026-03-25T16:28:14.808842+00:00",{"id":109,"slug":110,"title":111,"created_at":112},"6e18bc65-42ae-4ad0-b564-67d7f66b979e","meta-llama4-fabricated-results-scandal-en","Meta's Llama 4 Scandal: Fabricated AI Test Results Unveiled","2026-03-25T16:29:15.482836+00:00",{"id":114,"slug":115,"title":116,"created_at":117},"bf888e9d-08be-4f47-996c-7b24b5ab3500","accenture-mistral-ai-deployment-en","Accenture and Mistral AI Team Up for AI Deployment","2026-03-25T16:31:01.894655+00:00",{"id":119,"slug":120,"title":121,"created_at":122},"5382b536-fad2-49c6-ac85-9eb2bae49f35","mistral-ai-high-stakes-2026-en","Mistral AI: Facing High Stakes in 2026","2026-03-25T16:31:39.941974+00:00",{"id":124,"slug":125,"title":126,"created_at":127},"9da3d2d6-b669-4971-ba1d-17fdb3548ed5","cursors-meteoric-rise-pressures-en","Cursor's Meteoric Rise Faces Industry Pressures","2026-03-25T16:32:21.899217+00:00"]