CertiK Report: OpenClaw Security Issue Retrospective, Focusing on Systemic Risks of AI Intelligent Agents and Protection Guidelines

ME News, March 31 (UTC+8): On March 31, Web3 security company CertiK released the "OpenClaw Security Report", a systematic review and analysis of the security boundaries and risk patterns that emerged during OpenClaw's development, with protective recommendations for both developers and users.

The report states that OpenClaw's architecture connects external inputs with a local high-privilege execution environment. This "strong capability + high privileges" design improves automation but also places higher demands on security. Its early security model, based on a "locally trusted environment", gradually showed limitations in complex deployment scenarios. According to the report's data, between November 2025 and March 2026 OpenClaw accumulated more than 280 GitHub security advisories and over 100 CVE vulnerabilities. Across multiple layers, such as gateway control, identity binding, execution mechanisms, and the plugin ecosystem, the research summarizes typical risk types and their underlying causes.

On this basis, the report focuses on recommendations for developers and users: developers need to establish a threat model early on, incorporating access control, sandbox isolation, and permission inheritance mechanisms into the core design; at the same time, they should strengthen validation and constraints on plugins and external inputs. Users should avoid exposing services to the public internet, implement the principle of least privilege, and continuously conduct configuration audits and manage environment isolation to reduce the risk of system abuse or misuse. (Source: CertiK)
