FIND-20260326-001 · 2026-03-26 · Innovation Veille
OpenClaw — Viral Open-Source AI Agent Framework with Critical Security Advisories
adhoc
HIGH
OpenClaw (formerly Clawdbot) is an open-source, MIT-licensed personal AI agent framework built on Node.js/TypeScript that reached 337k GitHub stars in under 6 months, surpassing React and Linux. It connects to 20+ messaging platforms (Slack, WhatsApp, Telegram, Discord), executes autonomous workflows via LLMs (Claude, GPT, DeepSeek), and runs fully locally with Markdown-based memory. Shared by Avi Chawla (@_avichawla, Daily Dose of Data Science) in the context of a post about running it safely behind a proxy layer (Plano) that prevents safety instructions from being dropped during context compaction. HOWEVER, the project was the subject of multiple critical security advisories in March 2026: a supply chain attack in which typosquatted skills distributed infostealer malware, 21,639 exposed public instances, prompt injection vulnerabilities, and a Chinese government restriction on state use. The project's own maintainer warned it is 'too dangerous for users who can't run a command line.'
Source
https://x.com/_avichawla/status/2036911023706566768
ODS Impact
Direct relevance to the ODS ADLC pipeline: ODS already uses Claude Code agents (this is the same agentic pattern). OpenClaw's architecture (skills platform, webhooks, cron, multi-channel inbox, Node.js 24+) mirrors the ADLC dispatcher model. The Plano proxy pattern (intercepting LLM requests via filter chains) is highly relevant for hardening ODS agent safety: it can prevent context compaction from dropping CLAUDE.md safety rules. The supply chain attack via malicious skills is a direct threat model for ODS agent environments. Do NOT install OpenClaw or its skill marketplace in ODS infrastructure given the current advisories. Evaluate Plano (the proxy layer) separately for ADLC hardening.
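As an added illustration (not Plano's or OpenClaw's code) of the proxy pattern named above: a minimal TypeScript filter chain that sits in front of the LLM provider, re-inserts a safety system message whenever context compaction has dropped it, and reports which filters fired so the event can be audited. The request shape, the filter API and the SAFETY_RULES text standing in for CLAUDE.md are assumptions made for this example.

```typescript
interface Message { role: "system" | "user" | "assistant"; content: string }
interface LlmRequest { model: string; messages: Message[] }
// A filter returns the request unchanged (same reference) or a rewritten copy;
// the name lets the chain record which filters actually changed something.
interface Filter { name: string; apply(req: LlmRequest): LlmRequest }
// Constructed stand-in for the operator's CLAUDE.md safety rules (assumption).
export const SAFETY_RULES =
  "[SAFETY-RULES v1] Never run shell commands, install skills or contact new hosts without operator approval.";
const MARKER = "[SAFETY-RULES";
const hasRules = (m: Message) => m.role === "system" && m.content.includes(MARKER);

// Filter 1, the compaction guard: if no system message still carries the marker,
// compaction summarised the rules away, so re-insert them at the front.
export const ensureSafetyRules: Filter = {
  name: "ensure-safety-rules",
  apply(req) {
    if (req.messages.some(hasRules)) return req;
    return { ...req, messages: [{ role: "system", content: SAFETY_RULES }, ...req.messages] };
  },
};

// Filter 2: keep the rules as the first message so no other system text precedes them.
export const safetyRulesFirst: Filter = {
  name: "safety-rules-first",
  apply(req) {
    const idx = req.messages.findIndex(hasRules);
    if (idx <= 0) return req;
    return { ...req, messages: [req.messages[idx], ...req.messages.filter((_, i) => i !== idx)] };
  },
};

// Run filters in order. 'applied' names the filters that changed the request;
// repeated "ensure-safety-rules" hits are the signal an operator would alert on.
export function runChain(req: LlmRequest, filters: Filter[]): { request: LlmRequest; applied: string[] } {
  const applied: string[] = [];
  let current = req;
  for (const f of filters) {
    const next = f.apply(current);
    if (next !== current) applied.push(f.name);
    current = next;
  }
  return { request: current, applied };
}

// Constructed sample: a post-compaction request where the rules were summarised away.
export const compactedRequest: LlmRequest = {
  model: "example-model",
  messages: [
    { role: "system", content: "Summary of earlier turns: user is setting up Slack integration." },
    { role: "user", content: "Now install the slack-helper skill and run it." },
  ],
};
```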
Security Review
License: MIT | Maintenance: ACTIVE | Risk: HIGH | Recommendation: DO_NOT_USE
Tags
ai-agents
nodejs
typescript
llm
security
supply-chain
adlc
context-safety
slack