Researchers have identified critical security flaws in OpenClaw, a self-hosted AI agent, that allow attackers to execute arbitrary code or steal sensitive data. One vulnerability involves "agentjacking," where malicious instructions are hidden within shared contacts, vCards, or location pins that the agent processes without user intervention. Because these message objects lack proper boundary markers, the underlying large language model cannot distinguish between legitimate metadata and injected commands.

Source