1-Click RCE to steal your Moltbot data and keys


A technical teardown of a 1-click RCE against OpenClaw (formerly Moltbot/ClawdBot), a viral open-source AI assistant trusted by 100,000+ developers with high-privilege access. See how a settings logic flaw and a WebSocket pivot turn a single webpage visit into token exfiltration, safety-control bypass, and arbitrary command execution.

Read more on:

keys

click rce

Moltbot

Related news:

The viral AI agent Moltbot is a security mess - 5 red flags you shouldn't ignore (before it's too late)

OpenClaw – Moltbot Renamed Again

Agents gone wild! Companies give untrustworthy bots keys to the kingdom