🤖 AI Summary
A critical vulnerability has been discovered in OpenClaw, the popular open-source AI personal assistant, that could allow attackers to execute code remotely and access sensitive user data. Security researchers from depthfirst identified a logic flaw that enables an attacker to steal authentication tokens merely by tricking a user into visiting a malicious webpage. This exploit, known as a 1-Click Remote Code Execution (RCE), could grant malicious actors access to a victim's private data and the ability to perform actions on their behalf, especially since OpenClaw often integrates deeply with users' digital lives.
This incident is significant for the AI/ML community as it highlights the critical importance of security in open-source software, particularly when dealing with sensitive permissions and personal data. The vulnerability stemmed from improper validation of WebSocket connections, allowing attackers to bypass local network restrictions and execute commands without user approval. Thankfully, the OpenClaw team has acted swiftly to patch the issue, implementing measures such as a confirmation modal for gateway URL changes. Developers using OpenClaw are advised to update their software immediately and rotate their authentication tokens to mitigate potential risks. This serves as a reminder for the community about the need for rigorous security audits in AI-driven applications.