Post #8509

A malicious website could take over your OpenClaw AI agent without any click beyond visiting the page. Oasis Security's ClawJacked chain exploits localhost WebSocket trust: brute-force gateway password, silently pair as trusted device, gain admin control to interact, enumerate, exfil data. 🔗 Read → https://thehackernews.com/2026/02/clawjacked-flaw-lets-malicious-sites.html