INCIDENT
OpenClaw - New release of OpenClaw framework which connects to
New release of the OpenClaw framework, which connects to various communication channels but has a large attack surface due to data access, untrusted input, and execution capabilities.
Updated: 3/28/2026
Severity: high
Status: active
Description
🛡️ New Release: OpenClaw Security Handbook
OpenClaw @steipete connects Telegram, Discord, Slack, WeChat, email + executes commands, reads files, operates browsers.
But here's the scary part:
Data Access + Untrusted Input + Execution = Massive Attack Surface
140,000+ exposed https://t.co/RaDLjo8Wqm
Impact
New release of the OpenClaw framework, which connects to various communication channels but has a large attack surface due to data access, untrusted input, and execution capabilities.
Attack Vectors
- Telegram
- Discord
- Slack
- command execution
- file access
- browser automation