SUB-10
LAUNCH-CLAWS
SUB-10
LAUNCH-CLAWS
Loading...
Tips, guides, and news from the ClawHosters team.
Plaintext API keys in config files are still the number one misconfiguration risk for self-hosted OpenClaw instances. SecurityScorecard's scan found over 40,000 exposed instances with credentials sitting in readable YAML. OpenClaw v2026.2.26, released February 27 by 45 contributors and led by...
A single malicious link. That is all it takes to get full command execution on an unpatched OpenClaw instance. CVE-2026-25253 landed on the NVD on February 1, 2026, carrying a CVSS score of 8.8 (HIGH). Security researcher Mav Levin at DepthFirst discovered the flaw, and Belgium's CCB issued a...
On February 13, 2026, Hudson Rock detected something that was probably inevitable. A Vidar infostealer sample had swept an infected machine's `.openclaw/` directory and exfiltrated everything inside it. Gateway tokens. Private cryptographic keys. And the files that make your OpenClaw agent...
Endor Labs security researchers ran their AI-driven SAST tool against OpenClaw's codebase in early February and pulled out six vulnerabilities. Four rated high severity. All six had working proof-of-concept exploits within 24 hours of discovery.
Simon Willison's lethal trifecta described three conditions that make an AI agent dangerous: access to private data, exposure to untrusted content, and the ability to communicate externally. Get all three in one system and you have a security problem. OpenClaw has all three by design.
$11 million in funding. Khosla Ventures and Felicis leading the round. And now Runlayer just shipped two products that directly address the biggest headache in enterprise AI right now: nobody knows what MCP servers are running on their machines.
DeepSeek just made a quiet move that most people missed. In early February 2026, the company expanded its consumer app context window from 128K to over 1 million tokens. No announcement. No press event. TrendForce confirmed the tenfold jump, and South China Morning Post reported that DeepSeek...
Adversa AI just released SecureClaw -- the first open-source security plugin for OpenClaw that maps directly to all 10 OWASP Agentic Security Initiative categories. It's free, it's on GitHub, and it tackles a problem most OpenClaw users ignore until something breaks.
On February 17, 2026, somebody used a stolen npm publish token to ship `cline@2.3.0` with one addition: a postinstall script that ran `npm install -g openclaw@latest`. Around 4,000 developers downloaded it before the Cline team pulled the package eight hours later.
We built the ClawHosters Affiliate Program the way we'd want one built for ourselves: 15% recurring commission for 12 months, zero minimum payout, and your affiliate code works as a coupon for your community at the same time. It's live today.
22 pull requests in four days. The OpenClaw v2026.2.21 release shipped on February 21, and the maintainers described it as a "make everything better" release. That's vague. So here is what actually changed.
Peter Steinberger, the Austrian developer behind OpenClaw, is now at OpenAI. Sam Altman called him "a genius" on X and announced he'll lead the next generation of personal agents. As TechCrunch reported on February 15, this is an acqui-hire. OpenAI hired the person, not the project.