OpenClaw presents a high-severity, multi-vector exposure. The vectors are: indirect prompt injection (XPIA) capable of silent data exfiltration via messaging-platform link previews; a supply-chain risk through malicious ClawHub skills; exploitable default configurations, including exposed management ports and plaintext credential storage; and an active infostealer distribution campaign that targets users via poisoned GitHub repositories ranking in top Bing search results. CNCERT has issued a formal advisory, and Chinese government entities have restricted OpenClaw use on sensitive networks, signaling that current mitigations are considered insufficient for high-consequence environments. Immediate actions include containerizing OpenClaw deployments, disabling unverified ClawHub skill installation, restricting link-preview rendering in integrated messaging platforms, and auditing any installation sources used internally.