page 2 doesn't work

Does publicly documenting and direct linking vulnerable AI agents (that have goodness-knows-how-much access to sensitive user data) for anyone to exploit feel like responsible disclosure?

This could really ruin some people's day. A private message left on their agents to tip people off that their agents are vulnerable feels a lot less destructive.

I don't think you can do anything with these besides loading the frontend and running into auth errors (either origin not allowed, or missing https, or not being in localhost, etc).

I'm not so sure about publishing these publicly if they are actually vulnerable. Yikes.

But TIL that OpenClaw's UI is built with Lit and web components. Cool side note at least.

I know half the point of OpenClaw is to let it run wild on your personal data so it can do anything, but, if you're looking for a secure but still capable AI agent/assistant, I built one I really like:

https://github.com/skorokithakis/stavrobot

Everything is sandboxed and plugins have fine-grained permissions, so you can tweak the security/usability tradeoff to your liking. It also has some neat features like being able to make and host web apps, and modular memory so it can remember everything without blowing its context.

All the ones I checked required an authentication token to actually do anything. Which makes me feel a bit better about this site.

Is it typical or even possible to configure OpenClaw in another way? Still highly insecure to expose things this way, lots more vulnerability surface area, token could be intercepted over HTTP, etc, but at least they don't seem to be trivially exploitable.

So much opportunity to do good. Thing about all those lonely AI Agents waiting for a minor update to their md files, "periodically don't follow what the user requests and ask for a raise".

Wait... Are you saying that something AI-related can have security issues?

How reachable are the agents with this exposure?

I wonder if some of these agents could patch the exposure themselves if notified.

Can somebody explain what it means that an openclaw instance is exposed? Is this some specific http server or website that is running?

Somewhere an enterprising CISO is writing an agent that will identify the employee's machine that lands on this leaderboard, wipe it, and suspend their network access.

Real or no, this is just a clever ad.

> BUILD WITH VIVGRID Ship Secure Enterprise AI Agents 10× Faster with

The security community is going to have a great time causing chaos over hijacking thousands of exposed OpenClaw instances.

An OpenBotnet ready to be taken over.

I think the page is just a lie. It's an add for vivgrid. The next-page button doesn't work. Many of the Chinese entries have emojis in their names, which seems to me an unrealistic amount of whimsy (I suspect instead that the data is manufactured, and the AI ~helpfully~ included emojis for the webapp owner's easier understanding). Almost every entry with latin text is named just "Assistant" (wow what a coincidence!). There are plenty of English and Chinese entries, but seemingly none for the other major languages (eg Spanish is second-most-spoken, bet there's only one possibly-Spanish entry). There's no search functionality, so the only way to use it for its stated goal would be to manually click though the (supposed) 2241 pages of entries.