OpenClaw security assessment [pdf]

https://zeroleaks.ai/reports/openclaw-analysis.pdf
54•nreece•3h ago

Comments

DeepYogurt•2h ago
Zeroleaks.ai is a 13 day old registration. Cool.

https://whois.domaintools.com/zeroleaks.ai

rovr138•2h ago
Looks interesting, https://github.com/ZeroLeaks/zeroleaks

At least, I am curious about the tool

rovr138•2h ago
More interesting, looks to be from this 16yo, https://github.com/x1xhlol, https://www.lucknite.dev/
arcfour•1h ago
Explains why it reads like AI slop. "CRITICAL BREACH..."
edoceo•1h ago
Can we call slop in two words? I didn't feel that. Is my radar off? /me taps screen
arcfour•1h ago
I can detect it pretty well, but that was just one example.

No person starts a summary that way, it's over-the-top and meaningless. I have seen AI do that many times when summarizing something related to security, though. Claude often says "CRITICAL:" or "CRITICAL VULNERABILITY:" or similar, especially when you jam the context window full of junk.

Uehreka•1h ago
I frequently push back on people being hair-trigger about calling things AI, but even I’ve gotta admit, that’s exactly what Claude code says if you ask it to do a security review and it finds something. I’ve seen this numerous times.
cyrusradfar•1h ago
Yes, with 128K GH stars. Impressive if true.
kristopolous•1h ago
Trying to hustle online and writing high quality software aren't the same
jasonjmcghee•1h ago
The account's stars are mostly a "system prompts" collection repo fwiw.
bhewes•2h ago
Ha this moltbook gone crazy.
jonrcooper•2h ago
Zero mention of specific models that are being compromised makes it hard to take the numbers in this report seriously.

I do understand there's a lot of people running openclaw that don't really understand it and know what models are actually running. But we've known for a while that there are tons of older models that are pretty vulnerable, and you can hook up any model to OpenClaw, so, this data is not really that useful. Even though I totally agree that there are plenty of security risks here.

adam_arthur•1h ago
Relying on the model for security is not security at all.

No amount of hardening or fine-tuning will make them immune to takeover via untrusted context.

alan_sass•1h ago
Is this a CC generated .md report formatted as a .pdf? Looks familiar.
rodrigosetti•1h ago
It's a moltbook agent tasked to get HN attention
AstroBen•1h ago
seems it worked. We've been outsmarted by the lobster
simonw•1h ago
Almost all of this report is about leaking system prompts.

The OpenClaw system prompt has no measures in it at all to prevent leaking, because trying to protect your system prompt is almost entirely a waste of time and actually makes your product less useful.

As a result, I do not think this is a credible report.

Here's the system prompt right now: https://github.com/openclaw/openclaw/blob/b4e2e746b32f70f8fb...

K0IN•1h ago
Can someone give me context on why leaking the system prompt of an open source tool I run on my machine is a problem?
ottah•39m ago
Only if you write a custom prompt with information you don't want to disclose.
