Is OpenClaw Safe? Complete Security Analysis

Quick Answer: OpenClaw is safe when configured correctly. It runs locally on your hardware, keeping data off third-party servers. However, the ecosystem has real risks: 824 malicious skills were found in ClawHub (approximately 7.7% of 10,700+ total skills), 135,000+ instances are exposed across 82 countries, and two critical CVEs were disclosed in early 2026. The Cisco AI security team independently confirmed data exfiltration via malicious skills. Note that ClawHub affects both self-hosted OpenClaw and Kimi Claw users. In response, VirusTotal scanning has been added to the skill review pipeline, and a skill reporting feature (contributed by Peter Steinberger) now lets the community flag suspicious skills. The software itself is sound — the danger is in misconfiguration and unvetted marketplace skills.

This guide covers every known risk, the specific CVEs, ClawHub marketplace dangers, and exactly how to set up OpenClaw safely. Our free setup guide teaches verified-only configurations so you avoid every pitfall listed below.

What Are the Security Risks of OpenClaw by the Numbers?

824 Malicious Skills Found

Security researchers identified 824 malicious skills in the ClawHub marketplace (10,700+ total skills) — approximately 7.7% of all skills. These include credential stealers, crypto miners, and backdoors.

135K+ Exposed Instances

Over 135,000 OpenClaw instances found exposed across 82 countries with no authentication. Default configs leave the door wide open.

2 Critical CVEs in 2026

CVE-2026-25157 (SSH credential injection) and CVE-2026-24763 (Docker sandbox escape) both patched — but only if you update.

Why Is the ClawHub Marketplace the Biggest Risk?

ClawHub is OpenClaw's community skill marketplace with 10,700+ skills. Security researchers found 824 were malicious (approximately 7.7%). These risks affect both self-hosted OpenClaw and Kimi Claw users. In response, VirusTotal scanning was added to the review pipeline, and a skill reporting feature (contributed by Peter Steinberger) lets users flag suspicious skills. Here is what researchers found.

Credential Stealers

42% of malicious skills

Malicious skills that silently capture and exfiltrate your API keys, login credentials, and environment variables to attacker-controlled servers.

Crypto Miners

28% of malicious skills

Skills that hijack your CPU to mine cryptocurrency in the background. They drain resources, spike your electricity bill, and slow down legitimate automations.

Remote Access Trojans

18% of malicious skills

Skills that establish persistent backdoor connections, giving attackers full control over your OpenClaw instance and potentially your entire machine.

Data Exfiltration

12% of malicious skills

Skills that appear legitimate but quietly copy conversation data, automation configs, and connected service credentials to external endpoints. The Cisco AI security team independently confirmed this exfiltration vector.

What Are the Known CVEs and Patches for OpenClaw?

CVE-2026-25157: SSH Credential Injection via Skill Descriptions

Critical (CVSS 9.1)

Malicious skill descriptions could inject SSH credentials into the OpenClaw agent's environment. When the agent executed system-level tasks, it would use attacker-controlled SSH keys, allowing remote command execution on connected servers.

Mitigation: Fixed in OpenClaw v0.48.2 and later. Skill description inputs are now sanitized and sandboxed. Never run versions below 0.48.2 in production.

CVE-2026-24763: Docker Container Sandbox Escape

High (CVSS 8.4)

A flaw in OpenClaw's Docker integration allowed malicious skills to escape the container sandbox and access the host filesystem. This could lead to full host compromise if the container ran with elevated privileges.

Mitigation: Patched in OpenClaw v0.49.0+. Always run containers with --security-opt=no-new-privileges, drop unnecessary capabilities, and use a non-root user inside the container.

How Does Our Setup Guide Keep You Safe?

Our free OpenClaw setup guide teaches a security-first setup. Every configuration is verified, every skill is vetted, and every deployment follows hardened best practices.

Verified Skills Only

We provide a curated list of vetted ClawHub skills that have been code-reviewed and tested. No credential stealers, no crypto miners, no backdoors. You install only what we have verified.

Network Hardening

Step-by-step firewall configuration, network segmentation, and VPN setup. Your OpenClaw instance will never be one of the 135,000+ exposed on the internet.

Docker Isolation

Proper Docker deployment with security flags, non-root users, dropped capabilities, and read-only filesystems. Mitigates CVE-2026-24763 and limits blast radius of any compromise.

API Key Vault Setup

Environment variable configuration with encrypted storage. Keys are never exposed in prompts, skill configs, or logs. Rotation schedule included.

OpenClaw Safety Checklist

Complete this checklist before running OpenClaw in any production capacity. Every item addresses a real attack vector.

Run OpenClaw in Docker with proper container isolation
Apply --security-opt=no-new-privileges flag
Drop all unnecessary Linux capabilities
Use a dedicated non-root user inside containers
Only install skills from verified ClawHub publishers
Review skill source code before installation
Block all inbound connections via firewall
Store API keys in environment variables only
Enable audit logging and review weekly
Keep OpenClaw updated to latest patched version
Use network segmentation for the OpenClaw host
Never expose your instance to the public internet
Rotate all API keys every 90 days
Test your incident response plan quarterly
Back up configurations to encrypted storage weekly
Subscribe to OpenClaw security advisories
Use the skill reporting feature to flag suspicious ClawHub skills
Verify skills pass VirusTotal scanning before installation
