If you are running openclaw, make sure you are updated.
Openclaw had a major vulnerability, patched in v2026.2.25, that can allow malicious websites to hijack local AI agents.
The gist of it is this:
- Openclaw visits website
- JavaScript opens a connection to the gateway via WebSockets
- The gateway token is brute forced
- Remote site registers itself as a trusted device
- Game Over Man
This of course requires your gateway to be exposed to the Internet, which none of you are doing, right? RIGHT?
You can read more about the vulnerability here
You can enable auto updates in your openclaw.json configuration.
Just add this section to your openclaw.json file. I like to have it up top, right after "wizard", as it is most appropriate there.
```json
"update": {
  "channel": "stable",
  "checkOnStart": false,
  "auto": {
    "enabled": true,
    "stableDelayHours": 6,
    "stableJitterHours": 12,
    "betaCheckIntervalHours": 1
  }
},
```
Are you using openclaw?
If so, say something in the comments. I thought about posting some tips on using openclaw as I get deeper into it.
If you are using it, what are you using it for?