depthfirst | 1-Click RCE To Steal Your Moltbot Data and Keys

A critical 1-Click Remote Code Execution (RCE) vulnerability has been discovered in OpenClaw (formerly Moltbot), an AI personal assistant trusted by over 100,000 developers. The exploit, chained by Mav Levin, leverages a logic flaw identified by depthfirst that allows an attacker to steal authentication tokens and execute arbitrary code on a victim’s machine with a single click on a malicious webpage. The vulnerability has been patched, and users are advised to upgrade and rotate tokens if compromised.