February 12, 2026 // Vulnerability | #Remote Code Execution #Prompt Injection #Supply Chain Poisoning

OpenClaw Open Source AI Agent Application Attack Surface and Security Risk System Analysis - Security Boulevard

The OpenClaw open-source AI agent project rapidly exposed at least three high-risk Remote Code Execution (RCE) vulnerabilities, allowing attackers to perform high-authority tasks like shell command execution. These critical flaws are exacerbated by direct/indirect prompt injection, configuration errors, and supply chain poisoning through malicious plug-ins within its architecture.

Source: Original Report ↗