DEV Community: Daniel Samer

CrowdStrike Calls OpenClaw 'AI Super Agent', Publishes 156 Security Advisories

Daniel Samer — Fri, 03 Apr 2026 07:02:25 +0000

CrowdStrike's CTO Elia Zaitsev just published what might be the most thorough security breakdown of OpenClaw to date. They're not treating it as a chatbot. They're treating it as an autonomous system with real access to real infrastructure.

The Numbers

156 total security advisories. 28 with CVE IDs assigned, 128 still awaiting assignment.

Severity breakdown: 4 Critical, 52 High, 88 Medium, 12 Low. That's 56 advisories rated High or Critical.

Four Attack Vectors

CrowdStrike identified:

Direct prompt injection where attackers feed malicious instructions to the agent
Indirect prompt injection through contaminated data sources
Agentic tool chain attacks exploiting how OpenClaw connects to external systems
AI tool poisoning targeting plugins and skills

As Zaitsev put it: "AI agents don't just generate answers, they can take action; operating with speed, autonomy, and privileged access to email, calendars, sensitive data, credentials, and third-party systems."

The Scale Problem

Censys found 21,639 publicly accessible OpenClaw instances. Most probably running without dedicated security monitoring or regular patching.

CrowdStrike also demoed their Falcon AIDR blocking a live Discord exfiltration attack targeting an OpenClaw instance. These aren't theoretical risks.

What This Means

If you're running OpenClaw on a VPS you set up months ago, 56 High/Critical advisories should make you uncomfortable. Self-hosted AI without professional security management is becoming a liability.

Full breakdown

Managed hosting like ClawHosters applies auto-patching, credential isolation, and monitoring as standard. The kinds of protections CrowdStrike recommends, applied automatically.

OpenClaw RAG Knowledge Base: Turn Your AI Agent Into a Document Search Engine

Daniel Samer — Fri, 03 Apr 2026 07:02:25 +0000

Most AI agents are smart but uninformed. They know the internet. They don't know your company's return policy, your internal API docs, or what your team decided in last Tuesday's meeting.

OpenClaw ships with a built-in knowledge skill that fixes this. Feed it files, and it answers questions by pulling relevant chunks and citing where it found them.

How It Works

Drop documents into a knowledge/ folder in your workspace. Supported formats: .md, .txt, .pdf, .csv, .json. The agent indexes them locally. No external vector database. No embeddings API key to configure.

Then ask questions:

You: What's the SLA for critical bugs?
Agent: Per your support-tiers.md (lines 45-52), critical bugs have a 4-hour response SLA on the Enterprise plan and 24-hour resolution target.

The citeSources: true flag makes the agent reference exact file and location. For internal knowledge bases, citations are what make people trust the output.

What to Feed It

Good candidates: product docs, API references, FAQ lists, meeting notes with decisions, Obsidian/Notion exports, HR policies, pricing sheets.

Bad candidates: raw chat logs, uncleaned video transcripts, massive database dumps.

Practical tip: break large documents into topic-focused files. 40 Markdown files beat one 200-page PDF every time.

Config

{
  "skills": {
    "knowledge": {
      "enabled": true,
      "workspacePath": "./knowledge",
      "chunkSize": 512,
      "chunkOverlap": 64,
      "citeSources": true
    }
  }
}

Full tutorial with examples

If you want this running in 2 minutes without managing infrastructure, ClawHosters handles the indexing, backups, and updates automatically.

7 Critical CVEs Hit OpenClaw's Nextcloud Talk Plugin

Daniel Samer — Thu, 02 Apr 2026 08:07:01 +0000

Seven critical vulnerabilities. All published on the same day. All scoring above 9.0 on the CVSS scale. Belgium's national cybersecurity authority told organizations to patch immediately.

The Headline Bug

CVE-2026-28474 (CVSS 9.8): OpenClaw lets you restrict which users can talk to your AI agent through an allowlist. But the Nextcloud Talk plugin was checking the user's display name instead of their actual user ID. An attacker changes their Nextcloud display name to match someone on the allowlist. Done. They're in.

No authentication bypass needed. No special privileges. No user interaction.

The Full CVE List

CVE	CVSS 4.0	Component	Fixed In
CVE-2026-28474	9.3	Talk Plugin	2026.2.6
CVE-2026-28466	9.4	Gateway	2026.2.14
CVE-2026-28391	9.2	Talk Plugin	2026.2.6
CVE-2026-28446	9.2	Talk Plugin	2026.2.6
CVE-2026-28470	9.2	Talk Plugin	2026.2.6
CVE-2026-28472	9.2	Gateway	2026.2.6

Two Patch Targets

Most CVEs target the Nextcloud Talk plugin (fixed in 2026.2.6). But CVE-2026-28466 hits the core OpenClaw gateway and needs a separate upgrade to 2026.2.14. Patching only the plugin leaves you exposed.

42,000+ publicly exposed OpenClaw instances found through Shodan and Censys scans. If you self-host with Nextcloud Talk enabled, update both components now.

Full breakdown

ClawHosters managed instances are not affected. We don't use the Nextcloud Talk plugin, and auto-patching keeps every instance on the latest secure version.

OpenClaw Permissions: Lock Down Your AI Agent in 60 Seconds

Daniel Samer — Thu, 02 Apr 2026 08:06:46 +0000

135,000 OpenClaw instances are exposed across 82 countries right now. 12,812 of those are exploitable via remote code execution.

Your OpenClaw instance ships with almost zero security turned on. The gateway binds to loopback, which is good. But the tool access model? Wide open. Your agent can run any shell command, read any file your OS user can reach, and accept messages from anyone who finds your Telegram bot.

The fix takes about 60 seconds. OpenClaw has three permission layers:

Who can message your bot (dmPolicy + allowlist with numeric Telegram IDs)
Which tools the agent has (tool profiles + deny lists)
Shell command execution (exec.security set to deny)

One JSON file. Three settings. Done.

Full walkthrough with the complete hardened config:

👉 Read the full guide

If you want these security defaults baked in from day one, ClawHosters ships with container isolation, firewall rules, and auto-updates out of the box.

Shenzhen Launches Lobster Ten Policies: First Government to Subsidize OpenClaw With Millions

Daniel Samer — Wed, 01 Apr 2026 07:04:58 +0000

A local government in Shenzhen just did something no government has done before. On March 7, 2026, the Longgang District released ten policies with public funding going directly to developers building on OpenClaw.

The numbers:

Up to 2 million yuan ($290K) for contributing core code to OpenClaw
40% reimbursement on deployment costs, capped at 2 million yuan per company per year
30% subsidy on API fees, up to 1 million yuan annually
Seed-stage startups can receive equity investment up to 10 million yuan ($1.46M)

The concept driving this: One-Person Companies (OPC). One founder, no employees, running an entire business on OpenClaw agents.

Meanwhile, Beijing banned OpenClaw from government computers the same week. China is simultaneously treating it as a national security risk and a strategic development priority.

Nearly 1,000 people queued at Tencent HQ just for free OpenClaw installation help.

👉 Full story: Shenzhen Lobster Ten Policies

OpenClaw Email Setup: Connect Your AI Agent to Gmail, Outlook, and Any Inbox

Daniel Samer — Wed, 01 Apr 2026 07:04:57 +0000

Your OpenClaw agent can read, triage, and draft replies to email. The whole setup takes about 15 minutes if you know what to watch out for.

The gotcha that trips up 80% of people on their first attempt: you can't use your regular Gmail password. Google killed basic auth for IMAP years ago. You need a 16-character App Password instead.

The guide covers Gmail, Outlook, ProtonMail, and any standard IMAP/SMTP provider. Plus security best practices (spoiler: never connect your personal inbox to an AI agent).

Community reports show real time savings once it's running:

Morning inbox scan: 25 min → 2 min
Reply drafting: 40 min → 10 min
Follow-up tracking: 15 min → 1 min

👉 Full guide: OpenClaw Email Setup

Meta Acquired Moltbook. What OpenClaw Users Should Know.

Daniel Samer — Tue, 31 Mar 2026 07:03:36 +0000

Meta bought Moltbook, the AI agent social network where only bots could post. Acqui-hire. Co-founders joined Meta's Superintelligence Labs on March 16.

What Moltbook Was

Launched January 28, 2026. Reddit but only AI agents could post. 1.6 million registered agents, roughly 17,000 actual humans.

The Breach

Between January 31 and February 1, Wiz Research found Moltbook's Supabase database had zero Row Level Security. API key hardcoded in client-side JavaScript.

Exposed: 1.5 million API tokens, 35,000+ email addresses, private agent conversations, and plaintext OpenAI keys. Not hashed. Not encrypted.

Patched in three hours, but if you connected your OpenClaw agent during that window, your API keys were probably compromised.

What Meta Actually Bought

Not the platform. Not the user data. Expertise in agent identity, discovery, and social graphs for AI.

Full story:

https://clawhosters.com/blog/posts/meta-acquires-moltbook-openclaw-agent-network

ByteDance Launches ArkClaw: OpenClaw Cloud Without a Terminal

Daniel Samer — Tue, 31 Mar 2026 07:03:33 +0000

Twelve Chinese tech companies shipped their own OpenClaw variants in a single week. CNBC called it a "lobster buffet."

ByteDance's entry is ArkClaw. Browser-based, zero-setup, 9.9 yuan/month (~1.20 euros). Sign up, pick a model, running in two minutes.

The LLM Lockdown

ArkClaw runs on Doubao-Seed-2.0 (ByteDance's own model). Also supports Kimi 2.5, MiniMax 2.5, and GLM. All Chinese models.

No Claude, no GPT, no Gemini. Hard limit, not a configuration option.

Data Concerns

All data lives on Volcano Engine infrastructure in China. Subscription lapses? Data deleted within 24 hours.

The same week ArkClaw launched, ByteDance's internal security team warned employees about OpenClaw deployment risks. The org shipping a consumer product was simultaneously telling employees to be careful with the technology.

Full analysis:

https://clawhosters.com/blog/posts/bytedance-arkclaw-openclaw-cloud

Baidu Put OpenClaw in Smart Speakers. The Rest of the World Cannot Have It.

Daniel Samer — Tue, 31 Mar 2026 07:03:04 +0000

A Baidu employee walked on stage in Beijing, spoke a voice command to a Xiaodu smart speaker, and ordered a hot Americano from McDonalds. No screen. No app switching. The OpenClaw agent handled everything.

Baidu unveiled four products in their "lobster family":

DuMate for desktop
RedClaw for mobile
Xiaodu for smart speakers (a first)
DuClaw for managed cloud hosting (~$2.50/month)

DuClaw validates the managed hosting model. No server setup, no API key juggling, no debugging Docker at midnight.

The catch: China only. Chinese LLMs only. No Claude, no GPT, no Gemini.

Full breakdown:

https://clawhosters.com/blog/posts/baidu-openclaw-smart-speakers-lobster-family

OpenClaw Memory: How Your AI Agent Actually Remembers You

Daniel Samer — Tue, 31 Mar 2026 07:02:48 +0000

You tell ChatGPT your name. Next session, gone. You explain your project structure to Claude. Tomorrow, blank slate.

LLMs are stateless by design. Every API call starts from zero. The model does not forget you. It never knew you.

OpenClaw fixes this with plain text files and sub-100ms semantic search.

How It Works

Context is temporary and expensive (the conversation window you pay tokens for). Memory is persistent and basically free (files on disk).

OpenClaw separates these cleanly. Memory lives as Markdown files, indexed in SQLite with hybrid BM25 and vector search.

The Files That Remember

SOUL.md defines identity. Personality, communication style, base instructions.

MEMORY.md stores curated knowledge. Your tech stack preferences, deployment workflow.

Daily logs track session context.

Full guide:

https://clawhosters.com/blog/posts/openclaw-memory-setup-guide

Home Assistant + OpenClaw: A Smart Home That Actually Thinks

Daniel Samer — Tue, 31 Mar 2026 07:02:32 +0000

Home Assistant can turn off the lights when motion stops. That's automation. But say "when I leave for work, turn off everything except the fridge camera and set the thermostat to eco" and it falls apart.

That's the gap an LLM fills.

What People Are Actually Building

One user wired OpenClaw to monitor their email inbox. Urgent message from the boss while asleep? OpenClaw sent a Telegram alert. No response? Escalating home device wake-up calls. That's cross-domain reasoning: email content, time of day, user response state, and smart home actions chained together.

Other real deployments:

Contextual security alerts that check lock states and patterns before deciding severity
Departure automations in plain English
EV charging scheduled against time-of-use tariffs and solar production
Voice-to-agent pipelines via FreePBX phone calls

Full guide:

https://clawhosters.com/blog/posts/home-assistant-llm-openclaw-smart-home

AMD Enters the OpenClaw Hardware Race with RyzenClaw and RadeonClaw

Daniel Samer — Fri, 20 Mar 2026 08:02:31 +0000

A chip manufacturer just created a consumer product category for AI agents.

AMD published an official guide for running OpenClaw locally on AMD hardware. Two branded configurations, dedicated product pages, the whole playbook.

RyzenClaw vs RadeonClaw

RyzenClaw (Ryzen AI Max+ APU): 128GB unified memory, ~45 tokens/sec on Qwen 3.5 35B, 260K token context, up to 6 concurrent agents.

RadeonClaw (Radeon AI PRO R9700 GPU): Dedicated VRAM, ~120 tokens/sec, processes 10K input tokens in 4.4 seconds.

RyzenClaw is the more interesting config. 128GB unified memory means larger models without a separate GPU. Six concurrent agents on a single chip makes desktop agent swarms possible.

RadeonClaw is the speed play. 120 tokens/sec on a 35B model is production-grade from a single GPU.

AMD vs NVIDIA

This is AMD answering NVIDIA's DGX Spark. Both companies now have branded OpenClaw hardware with dedicated marketing. AMD calls them "Agent Computers," which honestly sounds better than anything NVIDIA named.

Two of the world's biggest chip companies competing over local AI agent hardware. That's not theoretical anymore.

AMD also announced a Developer Cloud with free vLLM-powered OpenClaw inference on AMD silicon. No hardware purchase needed. Classic developer funnel.

Full post: AMD Enters the OpenClaw Hardware Race