OpenClaw, the most popular open-source agent framework, has three unpatched high-severity CVEs. One of them gives an attacker full control of your agent from a single malicious link, even on localhost. And 1 in 5 skill packages on its marketplace have been flagged as malicious. There is no patched version.

https://composio.dev/content/openclaw-security-and-vulnerabilities