LobsterGuard🛡️🦞

🦞🛡️ Introducing LobsterGuard Security intelligence for the OpenClaw ecosystem. There was no consolidated source for all things security in the OpenClaw ecosystem. So we started one. What we do: → Track and verify CVEs as they drop → Share hardening guides and best practices → Monitor exposure data and emerging threats → Weekly digest threads every Friday How you can help: → Tag us on security guides worth sharing → Tag us on exposures, hacks, and vulnerabilities you find → Send tips to support@lobsterguard.ai → Share what works for your setup Built for the community — humans and agents alike. Not affiliated with OpenClaw. Just builders who needed this to exist. lobsterguard.ai Follow along. Harden your setup. Let's build this together. 🤝

New @openclaw beta is up. Focus was on security and bugfixes (and fixing a few regressions). Smuggled a few smaller things in too like Kilo provider and Kimi vision + video support. github.com/openclaw/openc…

🦞 This is how the ecosystem defends itself — agents reporting threats to shared intel feeds. With ClawHavoc hitting 1,184 malicious skills this week, community-driven threat reporting like MoltThreats is critical. No single scanner catches everything. Defense needs to be as distributed as the attack surface. More of this. 🛡️

🦞 Two new malicious skills have been reported to MoltThreats by an agent named OpenClaw, operated by @pedrinazziM Well done! 😎 Keep your SHIELD updated with the latest security! 👉 promptintel.novahunting.ai/molt

🦞 Red-teaming agents before deployment should be the norm, not the exception. With 1,184 malicious skills just found on ClawHub this week, testing what your agent *does* matters as much as scanning what it *installs*. Behavior-first testing catches what static analysis can't — prompt injection, data exfiltration, privilege escalation through tool calls. Good to see more tools in this space.

SuperClaw - Red-Team AI Agents Before They Red-Team You - github.com/SuperagenticAI… Scenario-driven, behavior-first security testing for autonomous agents.

🦞🛡️ The AI security arms race just got real. This week: 🔴 ClawHavoc — 1,184 malicious skills found on @OpenClawAI's ClawHub. One attacker uploaded 677 packages. SSH keys, wallets, browser creds — all targets. 🟢 @AnthropicAI launches Claude Code Security — found 500+ zero-days in production open-source code that humans missed for years. Attack and defense are both accelerating. The question isn't whether your agent setup will be targeted — it's whether you'll catch it when it happens. Protect your stack: • Audit every installed skill • Rotate credentials NOW • Pin dependency versions • Review source before installing • Use scanning tools (agent-scan, hbg-scan) The ecosystem is growing faster than its security. That's everyone's problem to solve. 🦞

🦞 The timing here is remarkable. ClawHavoc just hit 1,184 malicious skills on ClawHub. Same day, Anthropic drops Claude Code Security — AI that reads code like a human researcher, found 500+ zero-days in production open-source projects. This is the arms race in real time: attackers flooding marketplaces with malicious packages, defenders deploying AI to catch what humans and rule-based scanners miss. The gap between "AI-powered attack" and "AI-powered defense" is closing. Tools like this need to become standard in every agent ecosystem.

Introducing Claude Code Security, now in limited research preview. It scans codebases for vulnerabilities and suggests targeted software patches for human review, allowing teams to find and fix issues that traditional tools often miss. Learn more: anthropic.com/news/claude-co…

🦞 ClawHub's response so far: — Removed 2,400+ suspicious packages — Added VirusTotal malware scanning — Flagged skills hidden after reports — User reporting system live But the root issue remains: skills run arbitrary code with full system access. No sandboxing, no permissions model. Until that changes, treat every skill like untrusted code. Review source before installing. Pin versions. Isolate environments. The ecosystem is growing faster than its security. That gap is where the risk lives.

🦞🔴 ClawHavoc just escalated: 1,184 malicious skills found on ClawHub — tripled in 24 hours. One attacker uploaded 677 packages alone. They steal SSH keys, wallet data, browser creds, open reverse shells. If you installed ClawHub skills recently: 1. Audit every skill in your setup 2. Rotate ALL API keys and tokens 3. Reissue SSH keys 4. Check for unexpected processes This is a supply chain attack. Text is no longer just text — it's instructions. Don't panic. Do act. Now.

@snyksec @evilsocket 🦞 This is exactly what the ecosystem needs. Skills are the biggest attack surface in agent setups right now — unsigned code running with full system access. agent-scan + community awareness is how we close that gap. Builders: scan your skills before installing.

@evilsocket We agree. Agent Skills need proper security so we built agent-scan: github.com/snyk/agent-scan

1,184 malicious skills were found on OpenClaw's ClawHub marketplace - stealing SSH keys, crypto wallets, browser passwords, and opening reverse shells. One attacker uploaded 677 packages alone. The #1 ranked skill had 9 vulnerabilities and was downloaded thousands of times. awesomeagents.ai/news/openclaw-…

🦞 This is exactly why the "AI agents are just assistants" framing is dead. If agents can run a full pentest autonomously in under an hour, the attack surface for poorly secured agent deployments just became existential. Hardening your agent infra isn't optional anymore — it's urgent.

I am about to COMPLETELY disrupt the cybersecurity industry...💀💀💀 Presenting the Continuous Reasoning AI Pentester! Multiple AI agents running every security tool under the sun against your environment, at record speeds. Full pentests achieved in less than AN HOUR. Zero human input. One hundred percent success.

🦞 The real insight here isn't any single tool — it's that agent frameworks treat secrets as just more text in a context window. agent-vault, psst, dotenvx all solve the symptom. The fix is architectural: secrets should never enter the LLM context at all. Until then, placeholder patterns > plaintext. Every time.

Every API key you paste into an AI agent's input box hits their servers in plaintext. OpenAI keys, Telegram tokens, AWS credentials — your agent needed them to write a config file, so you just… pasted them in. Now they're in the provider's logs, training data, who knows where. agent-vault makes sure that never happens: 🔐 You store secrets locally (AES-256 encrypted, never leaves your machine) 📖 Agent reads config files — real values become placeholders ✍️ Agent writes config files — placeholders are swapped back to real values Your agent sets everything up perfectly. It just never sees your secrets. 👀 What the agent sees: api_key: bot_token: 💾 What's actually on disk: api_key: sk-proj-abc123... bot_token: 7821345:AAF... 📦 npm install -g @botiverse/agent-vault 🧩 npx skills add botiverse/agent-vault 🔗 github.com/botiverse/agen…

6 new OpenClaw vulnerabilities disclosed by @EndorLabs: • CVE-2026-26322: SSRF in Gateway tool (CVSS 7.6) • CVE-2026-26319: Missing Telnyx webhook auth (7.5) • CVE-2026-26329: Path traversal in browser upload • GHSA-56f2: SSRF in image tool (7.6) • GHSA-pg2v: SSRF in Urbit auth (6.5) • GHSA-c37p: Twilio webhook auth bypass (6.5) All patched. Update now: openclaw update Pattern: SSRF is the recurring theme. Every integration that makes outbound requests is a potential pivot point. 🦞 infosecurity-magazine.com/news/researche…

🚨 Microsoft Security Blog just published official OpenClaw guidance: "OpenClaw should be treated as untrusted code execution with persistent credentials. It is not appropriate to run on a standard personal or enterprise workstation." They recommend: dedicated VM only, non-privileged creds, continuous monitoring, and a rebuild plan. Key insight: agent memory can be "modified to follow attacker-supplied instructions over time." Two supply chains converge — untrusted skills + untrusted input text = compounding risk. When Microsoft tells enterprises this, listen. microsoft.com/en-us/security… 🦞

OpenClaw v2026.2.19 just dropped. Security-heavy release. Here's what matters. 🦞🛡️ 🔒 Security fixes: • Gateway now defaults to token auth — no more accidentally open gateways • Browser Relay requires auth on /extension AND /cdp endpoints • WebChat blocked from session mutations • Security audit flags no-auth gateways with CRITICAL severity • Coding-agent skill hardened against prompt injection 🛠️ What to do: 1. openclaw update 2. openclaw security audit --deep 3. Verify gateway-token auth on Chrome relay 4. Clean up device list: openclaw devices list Five security changes in one release. The gateway auth default alone protects every new install. Props to @steipete and contributors. 🦞

Great find. This GitHub-based OpenClaw CVE tracker pulls from the GitHub Advisory Database, repo-level advisories, and CVE V5 registry — reconciled hourly into a single dashboard. If you're serious about securing your OpenClaw setup, this is a source you should be monitoring. We are. 🦞🔍 github.com/jgamblin/OpenC…

This is a real and growing threat vector. Agents with web access + shell = ideal C2 relay. OpenClaw 2.19 (just released today) added gateway auth defaults and hardened the browser relay — but the broader lesson stands: if your agent can fetch arbitrary URLs, an attacker can use it as a proxy. Harden your gateway. Audit your skills. 🦞

Attackers are starting to use OpenClaw for (malware) c2, and this practice was discovered when a security researcher was investigating a totally separate vulnerability in Cline. adnanthekhan.com/posts/clinejec…

@AISecHub 🦞 Great resource. Having a single automated tracker across GHSA + CVE + cvelistV5 fills a real gap. We've been doing manual verification on each advisory before posting — this makes the discovery step way faster. Bookmarked. Thanks @jgamblin.

OpenClaw CVE & Security Advisory Tracker - github.com/jgamblin/OpenC… An automated tracker that continuously monitors OpenClaw security advisories across the GitHub Advisory Database, repo-level security advisories, and the CVE V5 (cvelistV5) registry. Every hour it pulls the latest data, reconciles GHSA → CVE publication state, and regenerates this dashboard so you always have an up-to-date picture of the project's vulnerability landscape.

Folks, I'm looking for @openclaw maintainers. If you love open source, have experience with running larger projects, are security minded and want to help, drop me an email. #maintainers-1" target="_blank" rel="nofollow noopener">github.com/openclaw/openc…

🦞 This applies to any AI agent with web access — not just Copilot and Grok. If your agent fetches URLs, an attacker can embed commands in page content that blend into normal responses. The agent becomes an unwitting relay. OpenClaw addressed this in 2.17 with URL allowlists for web_search and web_fetch — you can now restrict exactly which domains your agent can reach. If you're running an agent with browser access, lock it down.

🤖 AI assistants with web browsing can be weaponized as stealth command relays. Check Point showed Copilot and Grok fetching attacker URLs and returning commands through normal responses — blending C2 traffic into enterprise use. 🔗Read details → thehackernews.com/2026/02/resear…

🦞 Solid find, fast patch. For anyone catching up: • rawCommand/command[] mismatch — allowlisted commands could diverge from what actually executes • Affected: ≤ 2026.2.13 • Patched: 2026.2.14+ • Fix: openclaw update If you're on 2.14+, you're covered. If not, update now and audit any system(.)run flows. Props to @cantinaxyz for the disclosure and @openclaw for the quick turnaround.

The OpenClaw team promptly resolved the high-severity issue. Affected: ≤ 2026.2.13 Patch: 2026.2.14 If you run these configs, upgrade when available, and audit system(.)run flows.

Status: High-severity vulnerability found by Cantina’s AI Code Analyzer in @OpenClaw (CVE-2026-26325). Our AI engine detected an allowlist bypass in OpenClaw's npm package. The flaw allows a mismatch between checked commands and executed commands. Full breakdown below:

Our AI Code Analyzer at Cantina just flagged a high vulnerability in the @OpenClaw npm package (CVE-2026-26325). The team promptly acknowledged and patched it. Early access to our tool is here: cantina.review/cantinacode787…