A Reddit post drew attention to a March 2 case study arguing that OpenClaw incidents already trigger 8 of 10 OWASP Agentic vulnerability classes, including malicious skill supply-chain attacks and localhost WebSocket hijacking.
A Show HN launch frames DenchClaw as a local OpenClaw profile with a CRM UI, DuckDB-backed storage, and browser-driven imports from tools such as HubSpot and Notion.
Google has begun restricting accounts of Google AI Pro and Ultra subscribers who used the third-party client OpenClaw via OAuth, citing Terms of Service violations. The action has sparked debate in developer communities about the limits of AI subscription plans and user rights.
SecurityScorecard's STRIKE team found 40,214 OpenClaw AI agent instances exposed to the public internet with no authentication. Over 12,000 are vulnerable to Remote Code Execution, and attackers who compromise them inherit full system access including SSH keys, browser sessions, and filesystem control.
Andrej Karpathy coined a new term for OpenClaw-like AI agent systems: "Claws." Just as LLM agents were a new layer on top of LLMs, Claws provide orchestration, scheduling, persistent context, and tool calls on top of LLM agents.
OpenAI CEO Sam Altman announced that Peter Steinberger, creator of viral AI personal agent app OpenClaw, is joining the company to drive the next generation of personal agents across a multi-agent future.
A Reddit discussion in r/MachineLearning raised concerns about exposed agent instances and potentially malicious community skills, sparking practical debate on agent security controls.