[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"article-openclaw-135000-star-saas-security-crisis-zh":3,"article-related-openclaw-135000-star-saas-security-crisis-zh":30,"series-industry-5e307407-6df6-4673-8eef-2164076e5934":77},{"id":4,"slug":5,"title":6,"content":7,"summary":8,"source":9,"source_url":10,"author":11,"image_url":12,"cover_image":12,"category":13,"language":14,"translated_content":11,"related_article_id":15,"keywords":16,"key_takeaways":22,"views":26,"created_at":27,"published_at":28,"topic_cluster_id":29},"5e307407-6df6-4673-8eef-2164076e5934","openclaw-135000-star-saas-security-crisis-zh","OpenClaw 13.5 萬星後爆出 SaaS 安全危機","\u003Cp data-speakable=\"summary\">\u003Ca href=\"\u002Ftag\u002Fopenclaw\">OpenClaw\u003C\u002Fa> 衝上 13.5 萬 \u003Ca href=\"\u002Ftag\u002Fgithub\">GitHub\u003C\u002Fa> stars 後，接連爆出惡意 skills、外洩實例與 token 風險。\u003C\u002Fp>\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fpetersteinberger\u002Fopenclaw\" target=\"_blank\" rel=\"noopener\">OpenClaw\u003C\u002Fa> 是由 Peter Steinberger 開源的 \u003Ca href=\"\u002Ftag\u002Fai-agent\">AI agent\u003C\u002Fa>，短時間內星標數破 13.5 萬。\u003Ca href=\"https:\u002F\u002Fwww.reco.ai\u002F\" target=\"_blank\" rel=\"noopener\">Reco\u003C\u002Fa> 在 2 月 12 日的分析指出，這類 agent 一旦拿到檔案、郵件、行事曆與訊息\u003Ca href=\"\u002Fnews\u002Fmcp-servers-ai-workflows-explained-zh\">工具\u003C\u002Fa>權限，原本的效率工具就會變成高風險攻擊面。\u003C\u002Fp>\u003Ctable>\u003Cthead>\u003Ctr>\u003Cth>項目\u003C\u002Fth>\u003Cth>數值\u003C\u002Fth>\u003C\u002Ftr>\u003C\u002Fthead>\u003Ctbody>\u003Ctr>\u003Ctd>GitHub stars\u003C\u002Ftd>\u003Ctd>135,000+\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>Malicious skills found\u003C\u002Ftd>\u003Ctd>341\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>Total skills registry\u003C\u002Ftd>\u003Ctd>2,857\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>Exposed internet instances\u003C\u002Ftd>\u003Ctd>21,639\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>Leaked email addresses\u003C\u002Ftd>\u003Ctd>35,000\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>Leaked agent API tokens\u003C\u002Ftd>\u003Ctd>1.5 million\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>CVSS score\u003C\u002Ftd>\u003Ctd>8.8\u003C\u002Ftd>\u003C\u002Ftr>\u003C\u002Ftbody>\u003C\u002Ftable>\u003Ch2>發生了什麼\u003C\u002Fh2>\u003Cp>OpenClaw 原名 Clawdbot、後改為 Moltbot，能在本機跑，並串接 \u003Ca href=\"\u002Ftag\u002Fclaude\">Claude\u003C\u002Fa>、GPT 等模型。它可執行 shell 指令、讀寫檔案、瀏覽網頁、寄信、管行事曆，還會保留跨次\u003Ca href=\"\u002Fnews\u002Fclaude-sonnet-46-sre-benchmark-rootly-zh\">工作\u003C\u002Fa>階段的記憶。\u003C\u002Fp>\n\u003Cfigure class=\"my-6\">\u003Cimg src=\"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782771466079-ukkv.png\" alt=\"OpenClaw 13.5 萬星後爆出 SaaS 安全危機\" class=\"rounded-xl w-full\" loading=\"lazy\" \u002F>\u003C\u002Ffigure>\n\u003Cp>這種高權限設計很快就被盯上。Reco 指出，OpenClaw 爆紅後兩週內就出現一串事件：\u003C\u002Fp>\u003Cul>\u003Cli>1 月 27 日至 29 日，攻擊者透過 ClawHub 上架 335 個惡意 skills。\u003C\u002Fli>\u003Cli>後續統計顯示，2,857 個 skills 中有 341 個惡意項目，約占 12%。\u003C\u002Fli>\u003Cli>1 月 30 日，OpenClaw 修補 CVE-2026-25253，一鍵遠端程式執行漏洞。\u003C\u002Fli>\u003Cli>1 月 31 日，Censys 發現 21,639 個暴露在網路上的實例。\u003C\u002Fli>\u003Cli>1 月 31 日，Moltbook 外洩 35,000 個 email 與 150 萬組 agent API tokens。\u003C\u002Fli>\u003Cli>2 月 3 日，OpenClaw 再揭露 3 項高影響公告，包含 2 個 command-injection 漏洞。\u003C\u002Fli>\u003C\u002Ful>\u003Cp>問題不只是一個漏洞，而是 marketplace 信任、本機暴露與代理權限疊在一起。只要一個惡意連結或 skill 被執行，就可能在幾秒內觸發程式碼執行與資料存取。\u003C\u002Fp>\u003Ch2>為什麼重要\u003C\u002Fh2>\u003Cp>對企業來說，\u003Ca href=\"\u002Fnews\u002Fllm-wikis-beat-raw-rag-knowledge-work-zh\">真正的\u003C\u002Fa>風險是 shadow AI。員工可能把個人 agent 接上 Slack、\u003Ca href=\"\u002Ftag\u002Fgoogle\">Google\u003C\u002Fa> Workspace、Email 或文件系統，卻沒有經過安全審查，OAuth token 和資料也可能在被入侵後延續可用。\u003C\u002Fp>\n\u003Cfigure class=\"my-6\">\u003Cimg src=\"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782771461558-z8n4.png\" alt=\"OpenClaw 13.5 萬星後爆出 SaaS 安全危機\" class=\"rounded-xl w-full\" loading=\"lazy\" \u002F>\u003C\u002Ffigure>\n\u003Cp>這讓傳統防護變得不夠用。端點工具只看到程序，網路工具只看到 API 流量，身分系統只看到授權，但都不擅長把 autonomous agent 當成獨立風險類別來看。安全團隊若看不到 agent 連線、權限與 app-to-app 活動，就很難在事故前攔下它。\u003C\u002Fp>\u003Cp>OpenClaw 不是單一案例，而是提醒：AI agent 拿到 SaaS 權限的速度，已經快過多數企業建立可視性的速度。\u003C\u002Fp>","OpenClaw 在 GitHub 衝上 13.5 萬星後，短時間內接連出現惡意 skills、暴露實例與 token 外洩，凸顯 AI agent 正快速放大 SaaS 風險。","www.reco.ai","https:\u002F\u002Fwww.reco.ai\u002Fblog\u002Fopenclaw-the-ai-agent-security-crisis-unfolding-right-now",null,"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782771466079-ukkv.png","industry","zh","08cd2ab1-2a2c-4ab6-ab51-4b16a0fed4ab",[17,18,19,20,21],"OpenClaw","AI agent","SaaS security","OAuth token","shadow AI",[23,24,25],"高權限 AI agent 會把 SaaS 工具鏈變成攻擊面。","市場上的 skills 與本機暴露面，會放大供應鏈與 RCE 風險。","企業需要直接監看 agent 權限與 app-to-app 活動。",0,"2026-06-29T22:17:15.984161+00:00","2026-06-29T22:17:15.956+00:00","caa87b65-9bbc-46fe-bba8-4f4158dd2d8b",{"tags":31,"relatedLang":36,"relatedPosts":40},[32,34],{"name":17,"slug":33},"openclaw",{"name":18,"slug":35},"ai-agent",{"id":15,"slug":37,"title":38,"language":39},"openclaw-135000-star-saas-security-crisis-en","135,000-star OpenClaw hits SaaS security crisis","en",[41,47,53,59,65,71],{"id":42,"slug":43,"title":44,"cover_image":45,"image_url":45,"created_at":46,"category":13},"21e55851-9929-4b8c-86a1-e97fe2524a50","deepmind-veterans-are-leaving-london-zh","DeepMind老兵為何離開倫敦","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782777778486-vnfd.png","2026-06-30T00:02:28.609027+00:00",{"id":48,"slug":49,"title":50,"cover_image":51,"image_url":51,"created_at":52,"category":13},"35fe38fc-6982-4212-9c82-b0704fd4fdb1","bitcoin-price-page-risk-asset-market-signal-zh","比特幣價格頁面證明，市場仍把 BTC 當風險資產","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782776871942-e9s9.png","2026-06-29T23:47:26.503131+00:00",{"id":54,"slug":55,"title":56,"cover_image":57,"image_url":57,"created_at":58,"category":13},"50bc0298-8e9e-4f9a-90a6-d9865c3702e0","sora-smash-ultimate-final-dlc-pick-balanced-zh","索拉是《任天堂明星大亂鬥 特別版》最適合收官的 DLC，強但不破壞平衡","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782775071368-9ydr.png","2026-06-29T23:17:22.24145+00:00",{"id":60,"slug":61,"title":62,"cover_image":63,"image_url":63,"created_at":64,"category":13},"6e389144-3e7d-422d-af34-b7d88d9504dd","anthropic-ipo-965b-valuation-sec-filing-zh","Anthropic 9650億估值啟動 IPO","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782770564309-c9ef.png","2026-06-29T22:02:19.440318+00:00",{"id":66,"slug":67,"title":68,"cover_image":69,"image_url":69,"created_at":70,"category":13},"475c6c43-bedb-4859-80e4-3e605d347759","hp-openai-frontier-partnership-zh","HP 攜手 OpenAI 擴大 Frontier 佈局","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782766965484-ys2z.png","2026-06-29T21:02:22.192735+00:00",{"id":72,"slug":73,"title":74,"cover_image":75,"image_url":75,"created_at":76,"category":13},"a16a2ae1-c669-4818-b054-2f339332622b","anthropic-california-public-sector-ai-deal-zh","Anthropic 與加州的 Claude 合作，應成為公部門 AI 的預設模式","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782757082516-z7w8.png","2026-06-29T18:17:32.810938+00:00",[78,83,88,93,98,103,108,113,118,123],{"id":79,"slug":80,"title":81,"created_at":82},"ee073da7-28b3-4752-a319-5a501459fb87","ai-in-2026-what-actually-matters-now-zh","2026 AI 真正重要的事","2026-03-26T07:09:12.008134+00:00",{"id":84,"slug":85,"title":86,"created_at":87},"83bd1795-8548-44c9-9a7e-de50a0923f71","trump-ai-framework-power-speech-state-preemption-zh","川普 AI 框架瞄準電力、言論與州權","2026-03-26T07:12:18.695466+00:00",{"id":89,"slug":90,"title":91,"created_at":92},"ea6be18b-c903-4e54-97b7-5f7447a612e0","nvidia-gtc-2026-big-ai-announcements-zh","NVIDIA GTC 2026 重點拆解","2026-03-26T07:14:26.62638+00:00",{"id":94,"slug":95,"title":96,"created_at":97},"4bcec76f-4c36-4daa-909f-54cd702f7c93","claude-users-spreading-out-and-getting-better-zh","Claude 用戶更分散，也更會用","2026-03-26T07:22:52.325888+00:00",{"id":99,"slug":100,"title":101,"created_at":102},"bd903b15-2473-4178-9789-b7557816e535","openclaw-raises-hard-question-for-ai-models-zh","OpenClaw 逼問 AI 模型價值","2026-03-26T07:24:54.707486+00:00",{"id":104,"slug":105,"title":106,"created_at":107},"eeac6b9e-ad9d-4831-8eec-8bba3f9bca6a","gap-google-gemini-checkout-fashion-search-zh","Gap 把結帳搬進 Gemini","2026-03-26T07:28:23.937768+00:00",{"id":109,"slug":110,"title":111,"created_at":112},"0740e53f-605d-4d57-8601-c10beb126f3c","google-pushes-gemini-transition-to-march-2026-zh","Google 把 Gemini 轉換延到 2026 年 3…","2026-03-26T07:30:12.825269+00:00",{"id":114,"slug":115,"title":116,"created_at":117},"e660d801-2421-4529-8fa9-86b82b066990","metas-llama-4-benchmark-scandal-gets-worse-zh","Meta Llama 4 分數風波又擴大","2026-03-26T07:34:21.156421+00:00",{"id":119,"slug":120,"title":121,"created_at":122},"183f9e7c-e143-40bb-a6d5-67ba84a3a8bc","accenture-mistral-ai-sovereign-enterprise-deal-zh","Accenture 攜手 Mistral AI 賣主權 AI","2026-03-26T07:38:14.818906+00:00",{"id":124,"slug":125,"title":126,"created_at":127},"191d9b1b-768a-478c-978c-dd7431a38149","mistral-ai-faces-its-hardest-year-yet-zh","Mistral AI 迎來最硬的一年","2026-03-26T07:40:23.716374+00:00"]