OpenClaw 0-Click Vulnerability Allows Malicious Websites to Hijack Developer AI Agents

Oasis Security researchers have discovered a critical zero-interaction vulnerability in OpenClaw, one of the fastest-growing open-source AI agent frameworks in history. The flaw allows any malicious website to silently seize full control of a developer’s AI agent without requiring plugins, extensions, or any user action. OpenClaw, a self-hosted AI agent formerly known as Clawdbot and MoltBot, rocketed to over 100,000 GitHub stars in just five days and has become a default personal assistant for thousands of developers worldwide.

Full report: ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket.