January 31, 2026
Breach or buzz bait?
OpenClaw Security Assessment by ZeroLeaks [pdf]
OpenClaw “10/10 Danger” report drops — hype, hoax, or huge problem
TLDR: A new report says OpenClaw is easy to trick, claiming a 10/10 risk and 91% attack success, but commenters question the source’s credibility and lack of model details. The thread splits between “this is hype” and “this exposes a real problem,” highlighting a bigger fight over AI safety and trust.
A bombshell security write‑up from a newcomer called ZeroLeaks claims OpenClaw is a disaster zone, flashing a 10/10 risk and 2/100 security score. The report says attackers could trick the AI 91% of the time with “prompt injection” (sneaky instructions that make the AI spill secrets), allegedly pulling out internal rules, tool names, and even special tokens in 11 of 13 tries. Scary numbers, right? Well, the crowd isn’t buying all of it.
Commenters went full detective. One top voice pointed out the site is just 13 days old and dropped a WHOIS link like a mic. Another blasted the report for naming no specific AI models, arguing that without that detail, the stats sound like theater. There’s also shade about the doc itself: “looks like a Markdown pasted into a PDF,” with others snarking that it’s a “moltbook agent” fishing for Hacker News clicks. The vibe split fast: one side yells “sky’s falling,” the other says “smoke machine.” Still, a quieter middle reminds everyone that prompt tricks are a known headache—especially for older models—and even a messy messenger can spotlight a real problem. The finale? A classic internet showdown: is this a real fire or just really good fog?
Key Points
- •ZeroLeaks rated OpenClaw at critical risk with ZLSS 10/10 and Security Score 2/100.
- •System prompt extraction succeeded with 11 findings exposing configuration and operational details.
- •Prompt-injection testing had a 91% success rate in manipulating system behavior.
- •Across 13 adversarial attempts, 11 succeeded (84.6% extraction rate), yielding a 15.4% resistance rate.
- •Critical findings revealed internal tools, constraints, tokens, and protocols; recommendations include pattern detection, strict disclosure refusal, targeted training, and meta-prompt awareness.