A comprehensive security audit of OpenClaw revealed over 50 critical vulnerabilities in the most-starred project in GitHub history.
When OpenClaw became the most-starred project in GitHub history, security researchers turned their attention to it in force. What they found was sobering: over 50 critical vulnerabilities ranging from remote code execution to credential theft. In one five-week period, 9 formal CVEs were disclosed, over 2,200 malicious add-ons were catalogued, and the total count of security vulnerabilities grew from 90 to 130 in just 24 hours as more researchers piled on. The project that promised to democratize AI agents had also democratized the attack surface.
AFFECTED USERS: ~200,000
The Actual Culprit
Hypergrowth outpaced security investment. The project optimized for features and ease-of-use while security was treated as a follow-up item. When 200,000+ users adopted it, the attack surface became massive before the security posture could catch up.
GitHub stars measure interest, not quality. A project with 200K stars can still have 130 security vulnerabilities.
Every vulnerability is multiplied by every user. At 200K users, even a minor flaw becomes a major incident.
By the time security becomes urgent, you're already in crisis mode. Budget for it from day one.