Ian Campbell 🏴2d ago

RE: https://social.lansky.name/@hn50/116341899721749250

oh jesus tapdancing christ

[post was removed; h/t @tom https://web.archive.org/web/20260403174403/https://www.reddit.com/r/sysadmin/comments/1sbdw29/if_youre_running_openclaw_you_probably_got_hacked/?solution=44f7932102051db444f7932102051db4&js_challenge=1&token=bbbe4bf1c9a2b5160829c4be34da58614082fcc1e861ded7105b5ece1538a6d5 )

Show threadIan Campbell 🏴2d ago
i know i'm an AI skeptic, but i did not expect "virally popular agent does no authentication checks before escalating system privileges"
Show threadIan Campbell 🏴2d ago

thing is, this is likely to cause many downstream enterprise breaches, even in enterprises that actively ban openclaw.

unauthorized instances, or instances that allow a threat actor to pivot from private hardware to work hardware.

pure negligence, rolling OpenClaw out in the way they did, both the devs and all the hosting companies that saw profit in providing easy-install packages.

Show threadViss2d ago
@neurovagrant say, you wanna do the thing today?
Show threadIan Campbell 🏴2d ago
@Viss sure what time?
Show threadViss2d ago
@neurovagrant i literally have all day open, and the entire day is earmarked for dealing with it, so just throw a dart for whenever is comfy for you :D
Show threadIan Campbell 🏴2d ago
@Viss 1500 Eastern / 1200 pacific?
Show threadViss
@neurovagrant done!
Apr 3 at 6:09pmWeb
Show threadIan Campbell 🏴2d ago
@Viss sweet, will email you a Meet link, thanks man