According to security reporting, China’s CNCERT has issued an advisory against OpenClaw, an open-source autonomous AI agent, citing prompt injection vulnerabilities, malicious skill repositories, and exploitable default configurations that can lead to full endpoint compromise and data exfiltration. Researchers at PromptArmor demonstrated that indirect prompt injection via messaging app link previews can silently transmit sensitive data to attacker-controlled domains without any user interaction. Simultaneously, threat actors are distributing infostealer-laced fake OpenClaw installers through GitHub repositories. Huntress researchers documented that one malicious repository ranked as a top Bing search result for OpenClaw on Windows, indicating that standard user discovery paths led directly to the malicious installer.