OpenClaw Security

In-depth coverage of OpenClaw local AI agent security, including ClawJacked vulnerability breakdowns, browser localhost hijacking risks, silent takeover mechanics, and official 2026 patches. Discover proven hardening strategies like least privilege, container isolation, zero-trust architecture, and real-world best practices to keep your self-hosted AI assistant safe.

Axios Poisoned in 2026 NPM Attack: OpenClaw Projects Compromised by Malicious RAT
Mar 31, 2026

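Axios npm versions 1.14.1 and 0.30.4 were hijacked by a cross-platform RAT via plain-crypto-js. OpenClaw forks such as @shadanai/openclaw and @qqbrowser/openclaw-qbot were directly affected. Full technical analysis and step-by-step remediation guide.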

Axios Poisoned in 2026 NPM Attack: OpenClaw Projects Compromised by Malicious RAT
Mar 31, 2026

Axios npm versions 1.14.1 and 0.30.4 were hijacked with a cross-platform RAT via plain-crypto-js. OpenClaw forks like @shadanai/openclaw and @qqbrowser/openclaw-qbot were directly affected. Full technical breakdown and step-by-step remediation.

OpenClaw Tailscale: Secure, Always-On AI Agent Access Without Public Exposure
Mar 20, 2026

Learn how to integrate OpenClaw with Tailscale for private, encrypted access to your self-hosted AI agent. Zero public ports, auto-config Serve/Funnel, production best practices & edge cases.

ClawJacked Exposed: How Malicious Websites Hijack OpenClaw Local AI Agents in Seconds
Mar 19, 2026

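The ClawJacked vulnerability lets any website brute-force and fully control a local OpenClaw AI agent via a localhost WebSocket. In-depth analysis of the vulnerability chain, real-world impact, the official 2026.2.25 patch, and advanced hardening best practices, updated for the latest version.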

ClawJacked Exposed: How Malicious Websites Hijacked OpenClaw AI Agents in Seconds
Mar 19, 2026

ClawJacked let any website brute-force and fully control local OpenClaw AI agents via localhost WebSocket. Analysis of the exploit chain, impacts, official fix in v2026.2.25+, and advanced security best practices.
