OpenClaw, an open-source autonomous AI agent with full device access, racked up 179K GitHub stars - and walked straight into a security nightmare. It shipped wide open: default ports exposed to the internet, its plugin hub laced with malicious packages.
Slapped-on fixes followed, warning labels, VirusTotal links, but real problems linger. Prompt injection. Zero guardrails around plugin distribution. Still very much on fire
