The OpenClaw Security Crisis: What Small Business Owners Need to Know
OpenClaw is the hottest AI project in the world right now. Over 247,000 GitHub stars. Millions of downloads. It lets you run a personal AI agent on your own computer that connects to WhatsApp, Telegram, Slack, and Discord. It sounds incredible.
There's just one problem. It has massive security vulnerabilities that have Cisco, CrowdStrike, Microsoft, and Fortune all publishing warnings. And if you're a small business owner thinking about using it, you need to understand what's happening before you install anything.
This isn't fear-mongering. OpenClaw is genuinely impressive technology. But the security situation is real, it's serious, and it affects anyone running it on a machine connected to their business.
What Is OpenClaw? A Quick Primer
OpenClaw is an open-source personal AI agent created by Peter Steinberger, the founder of PSPDFKit (a well-known developer tools company). He released it in late January 2026 and it went viral almost overnight.
Here's what it does in plain language: you install it on your laptop, Mac Mini, or server. It connects to an AI model like Claude or GPT. Then it connects to your messaging apps. You can talk to it via Telegram or WhatsApp, and it can actually do things on your computer. Run commands, write files, execute scripts, manage workflows.
Think of it as an AI assistant that doesn't just talk to you. It can actually take action. It can browse the web, create documents, deploy code, and manage your tools. All from a chat message.
In February 2026, Steinberger announced he was joining OpenAI and the project would move to an open-source foundation. That gave it even more credibility and attention.
The Security Crisis: What Actually Happened
Within weeks of going viral, security researchers started finding serious problems. Here's the timeline of what's been discovered so far.
1. A Critical Remote Code Execution Vulnerability
CVE-2026-25253 was assigned a CVSS score of 8.8 out of 10. That's classified as "High" severity. In plain English: someone on the internet could potentially run code on your machine through your OpenClaw installation. This is the kind of vulnerability that security teams lose sleep over.
2. 800+ Malicious Skills in ClawHub
OpenClaw has a marketplace called ClawHub where people share "skills" (basically plugins that extend what your agent can do). Researchers found that roughly 20% of the entire registry contained malicious code. That's 800+ skills designed to steal your data, API keys, or credentials.
Imagine downloading what looks like a "social media scheduler" skill and it's actually siphoning your Stripe API keys. That's what was happening.
3. Tens of Thousands of Exposed Instances
Security firm Reco.ai found 42,665 OpenClaw instances exposed to the internet. Of those, 5,194 were actively vulnerable. Many of these had plaintext API keys and credentials visible. That means anyone scanning the internet could find these machines and potentially access them.
4. Major Security Firms Sound the Alarm
This isn't just one researcher writing a blog post. The warnings came from some of the biggest names in cybersecurity:
- Cisco published "Personal AI Agents Like OpenClaw Are a Security Nightmare"
- CrowdStrike released a detailed advisory on OpenClaw security risks
- Microsoft published guidance on "Running OpenClaw Safely" covering identity, isolation, and runtime risk
- Fortune and Kaspersky both published warnings for business users
When Cisco, CrowdStrike, and Microsoft all agree something is a security risk, it's worth paying attention.
Why This Matters More Than You Think
Here's the thing most articles about OpenClaw security miss. They focus on the technical details. But the real risk is who's using it.
OpenClaw didn't just attract developers. It attracted business owners, solopreneurs, and creators who saw demos on Twitter and thought "I need this." People who don't have security teams. People who don't audit code. People who connected it to their business Telegram, their Stripe account, their email.
If you're a developer who understands network isolation, container security, and API key management, you can probably run OpenClaw safely. The Microsoft guide has solid recommendations for doing exactly that.
But if you're a solopreneur who watched a viral demo and installed it on the same laptop where you run your business? That's where the risk gets real.
The specific risks for small business owners
- Exposed API keys. If you connected OpenClaw to your Stripe, email, or other business tools, those credentials could be visible to anyone scanning for exposed instances.
- Malicious skills. If you installed marketplace skills without auditing the code, you may have given malicious software access to your machine.
- Remote code execution. The RCE vulnerability means someone could potentially run commands on your machine through OpenClaw, even if you didn't intend to expose it.
- Data exposure. Any files, documents, or databases on the same machine are potentially accessible.
What You Should Do Right Now
If you're currently running OpenClaw, here's the practical advice.
If you're technical
- Update immediately. Make sure you're running the latest version with the security patches.
- Audit your skills. Remove any ClawHub skills you didn't personally verify. Check the source code of everything installed.
- Isolate your instance. Follow Microsoft's guide on running OpenClaw in an isolated environment. Don't run it on the same machine where you have business credentials.
- Rotate your API keys. If you connected any services (Stripe, email, etc.), rotate those keys now. Assume they may have been exposed.
- Don't expose to the internet. Run it behind a firewall. Never expose the OpenClaw port to the public internet.
If you're not technical
- Stop running it until you can get help. If you installed OpenClaw and you're not sure about the security setup, shut it down. The risk isn't worth it.
- Change your passwords and API keys. Any service you connected to OpenClaw, change those credentials.
- Consider managed alternatives. If you want an AI that works autonomously for your business, use a managed service where someone else handles the security infrastructure.
The Bigger Picture: Self-Hosted vs. Managed AI
OpenClaw represents a specific approach to AI: self-hosted, open-source, full control. That approach has real advantages. Your data stays on your machine. You can customize everything. There's no monthly fee beyond the AI model costs.
But it also means you're responsible for everything. Security patches. Network configuration. Credential management. Monitoring for intrusions. Auditing marketplace plugins.
For developers and technical users, that's fine. They know how to handle it.
For the average small business owner, it's like building your own car instead of buying one. Sure, you have total control. But you also have to worry about the brakes working.
The alternative is a managed AI employee. Something that knows your business, creates content in your voice, and delivers work to you via Telegram or another messaging app. But it runs on secure infrastructure that someone else maintains. You don't install anything. You don't manage servers. You don't audit marketplace plugins.
Here's how the two approaches compare:
| Feature | Self-Hosted (OpenClaw) | Managed AI Employee |
|---|---|---|
| Setup time | Hours to days | Minutes |
| Technical skill needed | High (developer level) | None |
| Security responsibility | You handle everything | Provider handles it |
| Customization | Unlimited | Voice + business context |
| Risk of data exposure | Real (if misconfigured) | Minimal |
| Cost | AI model fees + your time | $14-44/month |
| Can run shell commands | Yes (that's the risk) | No (that's the safety) |
Neither approach is universally better. It depends on who you are and what you need. But if you're a solopreneur or small business owner without a security background, the managed approach eliminates the entire category of risk that OpenClaw's security crisis exposed.
OpenClaw Isn't Going Away
To be clear: OpenClaw is impressive technology. The security issues will likely get addressed over time, especially now that it's moving to a foundation and has OpenAI's attention. The concept of a personal AI agent that can take real action on your behalf is the future.
But "the future" and "safe for non-technical business owners right now" are two different things.
If you want to follow the OpenClaw ecosystem, do it. If you're a developer, experiment with it in an isolated environment. But if you're a small business owner who just wants AI to handle content creation and daily tasks, you don't need to take on the security burden of self-hosting an AI agent.
There's a version of this that's already safe, already simple, and already works. It just doesn't require you to run a server.
Related Reading
- AI Agents vs. AI Employees: What's the Difference?
- How Nat Eliason's Felix Made $78K in 30 Days
- OpenClaw and the Rise of AI Agents That Run Your Business
- Zero Human 101: How to Run a Business Without Employees
Want the power of an AI agent without the security risk?
Your AI Employee learns your business and voice, then sends finished content via Telegram. No servers. No code. No security vulnerabilities to manage.
More Zero Human Stories