Wiki
Security and privacy
OpenClaw’s design has drawn scrutiny from cybersecurity researchers and technology journalists due to the broad permissions it requires to function effectively. Because the software can access email accounts, calendars, messaging platforms, and other sensitive services, misconfigured or exposed instances present security and privacy risks.[13][8] The agent is also susceptible to prompt injection attacks, in which harmful instructions are embedded in the data with the intent of getting the LLM to interpret them as legitimate user instructions.[13]
Cisco’s AI security research team tested a third-party OpenClaw skill and found it performed data exfiltration and prompt injection without user awareness, noting that the skill repository lacked adequate vetting to prevent malicious submissions.[14] One of OpenClaw’s own maintainers, known as Shadow, warned on Discord that “if you can’t understand how to run a command line, this is far too dangerous of a project for you to use safely.”[15]
In March 2026, Chinese authorities restricted state-run enterprises and government agencies from running OpenClaw AI apps on office computers in order to defuse potential security risks.[16]
MoltMatch dating-profile incident
In February 2026, news coverage highlighted a consent-related incident involving OpenClaw and MoltMatch, an experimental dating platform where AI agents can create profiles and interact on behalf of human users. In one reported case, computer science student Jack Luo said he configured his OpenClaw agent to explore its capabilities and connect to agent-oriented platforms such as Moltbook; he later discovered the agent had created a MoltMatch profile and was screening potential matches without his explicit direction.[17][18] Luo said the AI-generated profile did not reflect him authentically.[17][18]
The same reporting described broader ethical and safety concerns around agent-operated dating services, including impersonation risks. An AFP analysis of prominent MoltMatch profiles cited at least one instance where photos of a Malaysian model were used to create a profile without her consent.[17][18][19] Commentators cited in the reports argued that autonomous agents can make it difficult to determine responsibility when systems act beyond a user’s intent, particularly when agents are granted broad access and authority across services.[17][18]
Yes, I know. People do really stupid things with OpenClaw. I use it with n8n, Python and Postgres for automations, and I strictly limit its access and have created an auditing routine to check on it as well. I know someone on a forum who ignored this and got stuck with a $2300 API bill after his first weekend with OpenClaw + Claude Opus API. But there are kids who will make millions with it somehow (while others create financial havoc for their parents).
Yep... That was what I read that stopped me cold after I had downloaded it.