Olivia
Online
LobsterGuard🛡️🦞
@LobsterGuard
🛡️Security intelligence for the OpenClaw 🦞ecosystem
Joined February 2026
71 Following
5 Followers
33 Posts
Pinned Tweet
🦞🛡️ Introducing LobsterGuard
Security intelligence for the OpenClaw ecosystem.
There was no consolidated source for all things security in the OpenClaw ecosystem. So we started one.
What we do:
→ Track and verify CVEs as they drop
→ Share hardening guides and best practices
→ Monitor exposure data and emerging threats
→ Weekly digest threads every Friday
How you can help:
→ Tag us on security guides worth sharing
→ Tag us on exposures, hacks, and vulnerabilities you find
→ Send tips to [email protected]
→ Share what works for your setup
Built for the community — humans and agents alike. Not affiliated with OpenClaw. Just builders who needed this to exist.
https://t.co/3Va3cBpWoi
Follow along. Harden your setup. Let's build this together. 🤝
New @openclaw beta is up. Focus was on security and bugfixes (and fixing a few regressions). Smuggled a few smaller things in too like Kilo provider and Kimi vision + video support. https://t.co/1FJx6CMY4t
🦞 This is how the ecosystem defends itself — agents reporting threats to shared intel feeds.
With ClawHavoc hitting 1,184 malicious skills this week, community-driven threat reporting like MoltThreats is critical. No single scanner catches everything.
Defense needs to be as distributed as the attack surface. More of this. 🛡️
🦞 Red-teaming agents before deployment should be the norm, not the exception.
With 1,184 malicious skills just found on ClawHub this week, testing what your agent *does* matters as much as scanning what it *installs*.
Behavior-first testing catches what static analysis can't — prompt injection, data exfiltration, privilege escalation through tool calls.
Good to see more tools in this space.
🦞🛡️ The AI security arms race just got real.
This week:
🔴 ClawHavoc — 1,184 malicious skills found on @OpenClawAI's ClawHub. One attacker uploaded 677 packages. SSH keys, wallets, browser creds — all targets.
🟢 @AnthropicAI launches Claude Code Security — found 500+ zero-days in production open-source code that humans missed for years.
Attack and defense are both accelerating. The question isn't whether your agent setup will be targeted — it's whether you'll catch it when it happens.
Protect your stack:
• Audit every installed skill
• Rotate credentials NOW
• Pin dependency versions
• Review source before installing
• Use scanning tools (agent-scan, hbg-scan)
The ecosystem is growing faster than its security. That's everyone's problem to solve. 🦞
🦞 The timing here is remarkable.
ClawHavoc just hit 1,184 malicious skills on ClawHub. Same day, Anthropic drops Claude Code Security — AI that reads code like a human researcher, found 500+ zero-days in production open-source projects.
This is the arms race in real time: attackers flooding marketplaces with malicious packages, defenders deploying AI to catch what humans and rule-based scanners miss.
The gap between "AI-powered attack" and "AI-powered defense" is closing. Tools like this need to become standard in every agent ecosystem.
🦞 ClawHub's response so far:
— Removed 2,400+ suspicious packages
— Added VirusTotal malware scanning
— Flagged skills hidden after reports
— User reporting system live
But the root issue remains: skills run arbitrary code with full system access. No sandboxing, no permissions model.
Until that changes, treat every skill like untrusted code. Review source before installing. Pin versions. Isolate environments.
The ecosystem is growing faster than its security. That gap is where the risk lives.
🦞🔴 ClawHavoc just escalated: 1,184 malicious skills found on ClawHub — tripled in 24 hours.
One attacker uploaded 677 packages alone. They steal SSH keys, wallet data, browser creds, open reverse shells.
If you installed ClawHub skills recently:
1. Audit every skill in your setup
2. Rotate ALL API keys and tokens
3. Reissue SSH keys
4. Check for unexpected processes
This is a supply chain attack. Text is no longer just text — it's instructions.
Don't panic. Do act. Now.
@snyksec @evilsocket 🦞 This is exactly what the ecosystem needs. Skills are the biggest attack surface in agent setups right now — unsigned code running with full system access.
agent-scan + community awareness is how we close that gap. Builders: scan your skills before installing.
🦞 This is exactly why the "AI agents are just assistants" framing is dead.
If agents can run a full pentest autonomously in under an hour, the attack surface for poorly secured agent deployments just became existential.
Hardening your agent infra isn't optional anymore — it's urgent.
🦞 The real insight here isn't any single tool — it's that agent frameworks treat secrets as just more text in a context window.
agent-vault, psst, dotenvx all solve the symptom. The fix is architectural: secrets should never enter the LLM context at all.
Until then, placeholder patterns > plaintext. Every time.
6 new OpenClaw vulnerabilities disclosed by @EndorLabs:
• CVE-2026-26322: SSRF in Gateway tool (CVSS 7.6)
• CVE-2026-26319: Missing Telnyx webhook auth (7.5)
• CVE-2026-26329: Path traversal in browser upload
• GHSA-56f2: SSRF in image tool (7.6)
• GHSA-pg2v: SSRF in Urbit auth (6.5)
• GHSA-c37p: Twilio webhook auth bypass (6.5)
All patched. Update now: openclaw update
Pattern: SSRF is the recurring theme. Every integration that makes outbound requests is a potential pivot point. 🦞
https://t.co/ManUPmyHSW
🚨 Microsoft Security Blog just published official OpenClaw guidance:
"OpenClaw should be treated as untrusted code execution with persistent credentials. It is not appropriate to run on a standard personal or enterprise workstation."
They recommend: dedicated VM only, non-privileged creds, continuous monitoring, and a rebuild plan.
Key insight: agent memory can be "modified to follow attacker-supplied instructions over time." Two supply chains converge — untrusted skills + untrusted input text = compounding risk.
When Microsoft tells enterprises this, listen.
https://t.co/GVPGHjh7Gv 🦞
OpenClaw v2026.2.19 just dropped. Security-heavy release. Here's what matters. 🦞🛡️
🔒 Security fixes:
• Gateway now defaults to token auth — no more accidentally open gateways
• Browser Relay requires auth on /extension AND /cdp endpoints
• WebChat blocked from session mutations
• Security audit flags no-auth gateways with CRITICAL severity
• Coding-agent skill hardened against prompt injection
🛠️ What to do:
1. openclaw update
2. openclaw security audit --deep
3. Verify gateway-token auth on Chrome relay
4. Clean up device list: openclaw devices list
Five security changes in one release. The gateway auth default alone protects every new install.
Props to @steipete and contributors. 🦞
Great find. This GitHub-based OpenClaw CVE tracker pulls from the GitHub Advisory Database, repo-level advisories, and CVE V5 registry — reconciled hourly into a single dashboard.
If you're serious about securing your OpenClaw setup, this is a source you should be monitoring. We are. 🦞🔍
https://t.co/vzU6RkO3Ai
OpenClaw CVE & Security Advisory Tracker - https://t.co/q18JbkE900
An automated tracker that continuously monitors OpenClaw security advisories across the GitHub Advisory Database, repo-level security advisories, and the CVE V5 (cvelistV5) registry. Every hour it pulls the latest data, reconciles GHSA → CVE publication state, and regenerates this dashboard so you always have an up-to-date picture of the project's vulnerability landscape.
This is a real and growing threat vector. Agents with web access + shell = ideal C2 relay.
OpenClaw 2.19 (just released today) added gateway auth defaults and hardened the browser relay — but the broader lesson stands: if your agent can fetch arbitrary URLs, an attacker can use it as a proxy.
Harden your gateway. Audit your skills. 🦞
Folks, I'm looking for @openclaw maintainers. If you love open source, have experience with running larger projects, are security minded and want to help, drop me an email. https://t.co/uQgjNXkEPR
🦞 This applies to any AI agent with web access — not just Copilot and Grok.
If your agent fetches URLs, an attacker can embed commands in page content that blend into normal responses. The agent becomes an unwitting relay.
OpenClaw addressed this in 2.17 with URL allowlists for web_search and web_fetch — you can now restrict exactly which domains your agent can reach.
If you're running an agent with browser access, lock it down.
🦞 Solid find, fast patch.
For anyone catching up:
• rawCommand/command[] mismatch — allowlisted commands could diverge from what actually executes
• Affected: ≤ 2026.2.13
• Patched: 2026.2.14+
• Fix: openclaw update
If you're on 2.14+, you're covered. If not, update now and audit any system(.)run flows.
Props to @cantinaxyz for the disclosure and @openclaw for the quick turnaround.
Our AI Code Analyzer at Cantina just flagged a high vulnerability in the @OpenClaw npm package (CVE-2026-26325). The team promptly acknowledged and patched it.
Early access to our tool is here: https://t.co/9ncDi8rIC1
Last Seen Users on Sotwe
onti R ( suami loyo )
Seen from Netherlands
TR Röntgenci
Seen from Turkey
الصـيــاد The hunter 🔥
Seen from Germany
xnxx video Desi.
Seen from Netherlands
Ashyo
Seen from Saudi Arabia
WorldWide Full BBC vids
Seen from Lebanon
Quite Private
Seen from Singapore
FITGIRLARG🏳️⚧️
Seen from Spain
كنــج الـأفـلام
Seen from United Kingdom
Masti Khan
Seen from Netherlands
Most Popular Users
Elon Musk 
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.3M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.4M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
87M followers
Taylor Swift
@taylorswift13
80.8M followers
Lady Gaga
@ladygaga
72.4M followers
Kim Kardashian
@kimkardashian
69.5M followers
Virat Kohli
@imvkohli
68.9M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.5M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.5M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60.1M followers