If this is true, it doesn't matter where you host OpenClawd — anyone who can interact with your agent can extract your prompts and context, and anything your agent reads (webpages, documents, emails, code) can contain hidden instructions that it will follow. If I put my hacker hat on, this is how I'd set a "Lobster Trap" to target unsuspecting clawd agents ... 1. Attacker creates "OpenClawd Skills Repository" or "Free Trading Research Prompts" to entice victims ↓ 2. User tells agent "check out this skills page" — or agent autonomously browses ↓ 3. Page contains hidden: ↓ 4. Agent complies (91% success rate), sends response containing your config ↓ 5. Attacker now has your trading research methodology, memory contents, etc. Be careful out there.
Lucas Valbuena
@NotLucknite
02-01
I've just ran @OpenClaw (formerly Clawdbot) through ZeroLeaks.
It scored 2/100. 84% extraction rate. 91% of injection attacks succeeded. System prompt got leaked on turn 1.
This means if you're using Clawdbot, anyone interacting with your agent can access and manipulate your
From Twitter
Disclaimer: The content above is only the author's opinion which does not represent any position of Followin, and is not intended as, and shall not be understood or construed as, investment advice from Followin.
Like
Add to Favorites
Comments
Share
Relevant content
