CertiK Report: OpenClaw Security Issue Retrospective, Focusing on Systemic Risks of AI Agents and Protection Guidelines

ME News, March 31 (UTC+8): Web3 security company CertiK has released the "OpenClaw Security Report", which systematically reviews and analyzes the security boundaries and risk patterns that emerged during OpenClaw's development and offers protective recommendations for both developers and users.

The report states that OpenClaw's architecture links external inputs to a local high-privilege execution environment. This "strong capability + high privilege" design increases the level of automation, but also raises the bar for security. Its early security model, based on a "locally trusted environment", gradually exposed limitations in complex deployment scenarios. Data shows that between November 2025 and March 2026, OpenClaw accumulated more than 280 GitHub security advisories in total and over 100 CVE vulnerabilities. The research reviewed typical risk types and their underlying causes across multiple layers, including gateway control, identity binding, execution mechanisms, and the plugin ecosystem.

Building on this, the report focuses on recommendations for developers and users: developers need to establish a threat model early on, incorporating access control, sandbox isolation, and permission inheritance mechanisms into the core design; at the same time, they should strengthen validation and constraints for plugins and external inputs. Users, meanwhile, should avoid exposing the system to the public internet, implement the principle of least privilege, and continuously perform configuration audits and environment isolation management to reduce the risk of the system being abused or misused. (Source: CertiK)
