Key Highlights
- Clawdbot exposes API keys and chat logs online—hackers could steal data or take control if instances aren’t locked down.
- Misconfigured Clawdbot agents can act independently, letting attackers impersonate users or manipulate digital interactions.
- A number of copycat Clawdbot crypto tokens soar on hype amid market buzz.
Open-source AI agent platform Clawdbot is currently facing security risks amid broader market trend. In the latest update on X, security firm SlowMist highlighted that hundreds of API keys and private chat logs from Clawdbot are exposed online.
As per the post, some Clawdbot instances can be accessed by anyone without a password, which could let hackers steal login info or even run malicious commands. SlowMist recommends locking down any open ports so only trusted IP addresses can connect.
The threat stems from how Clawdbot connects AI agents to messaging platforms and manages integrations. Clawdbot Control, the web-based admin interface, holds sensitive information such as conversation histories and API keys.
As noted by hacker Jamieson O’Reilly on X, the exposure is similar to hiring a butler and leaving your front door wide open. Anyone can access private chats, API keys, and other credentials if the Control UI is improperly secured.
Exposed gateways and misconfigurations
Clawdbot’s gateway handles message routing, tool execution, and credential management. However, O’Reilly discovered that some instances run with default settings that auto-approve localhost connections.
Consequently, reverse proxy setups misinterpret external connections as local, allowing unauthenticated access. Some servers run the agent as root, granting full system control to anyone who finds the gateway online.
The vulnerabilities of Clawdbot can be easily found by using online tools like Shodan or Censys. Simply searching for “Clawdbot Control” results in hundreds of exposed instances within seconds.
“Something users (developers included) often don’t realise is, the entire IPv4 internet gets scanned continuously – by people on both sides of the security spectrum,” O’Reilly said.
He noted that many of these contain chat logs, API keys, as well as login credentials for Telegram, Slack, Signal, and other services, making it easy for hackers to pretend to be users, steal their information, or control what they see.
Operational risks and real-world impact
The hacker himself ironically emphasized that Clawdbot agents are independent and can send messages, perform commands, and change their responses without anyone observing. This makes them susceptible to hacking, where a hacker could pretend to be you or alter your digital interactions.
O’Reilly pointed out the risks associated with AI agents. In one case, there was an exposure of signal integrations, where the device pairing file was publicly accessible. This meant that the encryption could be bypassed. In another case, the server was executing commands and had full system access, exposing sensitive files and settings.
Crypto market buzz: Clawdbot tokens
The Clawdbot craze has spilt over into crypto. Several Clawdbot copycat tokens have seen huge short-term jumps. One token rose nearly 129,000% in a day, while another shot up 4,778% over 24 hours.
These copycat tokens are examples of the hype and meme effect that creates a great deal of excitement in the market. While the project itself, Clawdbot, is all about innovation in AI, the rush to invest in these tokens is all about the potential gains that these projects might bring.
Also Read: Kraken Brings DeFi Yield In-App With Morpho-Powered Earn
