CertiK Report Highlights Security Risks in the OpenClaw AI Agent System

KuCoin Flash
Summary

On March 31, 2026, CertiK released a report identifying security issues within the OpenClaw AI agent system. Between November 2025 and March 2026, OpenClaw generated over 280 GitHub security advisories and more than 100 CVE vulnerabilities. Risks were detected in gateway control, identity binding, execution, and the plugin ecosystem. CertiK recommends that developers develop threat models and implement access control and sandboxing. Users should avoid public exposure and adhere to the principle of least privilege. Amid ongoing regulatory scrutiny under MiCA, liquidity and crypto markets must remain vigilant against such risks.

Odaily Planet Daily report: On March 31, Web3 security firm CertiK released the "OpenClaw Security Report," providing a systematic review and analysis of the security boundaries and risk patterns encountered during OpenClaw's development, along with protective recommendations for developers and users.

The report notes that OpenClaw’s architecture connects external inputs with a locally privileged execution environment. This “high capability + high privilege” design enhances automation but also imposes stricter security demands: its early security model, based on a “trusted local environment,” has gradually revealed limitations in complex deployment scenarios. Data shows that between November 2025 and March 2026, OpenClaw accumulated over 280 GitHub security advisories and more than 100 CVEs. The study summarizes typical risk types and their root causes across multiple dimensions, including gateway control, identity binding, execution mechanisms, and plugin ecosystems.

On this basis, the report recommends the following to developers and users: Developers should establish a threat model early in the design process, integrating access control, sandbox isolation, and permission inheritance as core components; additionally, they should strengthen validation and constraints on plugins and external inputs. Users should avoid exposing systems to public networks, adhere to the principle of least privilege, and continuously perform configuration audits and environment isolation management to reduce the risk of system misuse or abuse.
