OpenClaw Security Monthly Digest — March 2026

📝 By Nasser Oumer📅 March 4, 2026⏱️ 5 min read📰 Digest

Monthly roundup of the most important security developments in the OpenClaw ecosystem. Last updated March 4, 2026.

Key Developments

Steinberger Joins OpenAI, OpenClaw Foundation Launches

On February 14, OpenClaw creator Peter Steinberger announced he is joining OpenAI to lead personal agent development. The OpenClaw project is transitioning to an independent, OpenAI-sponsored foundation. This could bring more resources to security, but also raises questions about governance and direction.

Malicious Skills Count Continues Rising

The confirmed count of malicious skills on ClawHub has risen from 341 (Koi Security's initial audit) to over 820 (as of latest scans). Bitdefender estimates approximately 900. Antiy CERT's analysis found 1,184 — roughly one in five packages in the ecosystem. Trend Micro identified 39 skills across ClawHub and SkillsMP distributing AMOS.

Six New Vulnerabilities from Endor Labs

Endor Labs disclosed six additional OpenClaw vulnerabilities on February 18, 2026: CVE-2026-26322 (SSRF, CVSS 7.6), CVE-2026-26319 (webhook auth bypass, CVSS 7.5), CVE-2026-26329 (path traversal), plus three additional issues. All are patched in current versions.

SecureClaw Open Source Tool Debuts

Adversa.ai released SecureClaw, an open-source hardening tool that runs 55 automated audit checks mapped to OWASP Agentic AI categories and MITRE ATLAS. It operates as both a code-level plugin and a behavioral skill. SecurityWeek covered the launch.

MCP Security White Paper Published

The Coalition for Secure AI (CoSAI) published a comprehensive MCP security white paper identifying 12 core threat categories and nearly 40 distinct threats. Essential reading for anyone deploying agents that use MCP servers.

Patching Status

Current recommended version: 2026.2.25+. As of writing, there are no known unpatched CVEs in the latest release. However, SecurityScorecard data shows a significant number of instances still running vulnerable versions. If you haven't updated, do it now.

What to Watch in April

The OpenClaw Foundation's governance structure and security roadmap. Whether VirusTotal's integration measurably reduces the malicious skills ratio. Potential regulatory action following the Dutch DPA's warning. And the broader question of whether MCP security standards will emerge before the next major incident.

Subscribe to our blog for monthly updates. Follow Nasser Oumer on LinkedIn for real-time analysis.

🛡️ Use Skills You Can Trust

25 pre-audited skill packs · 169 rules · 24 agents. Reviewed by a cybersecurity professional.

Explore Skills Packs →
Nasser Oumer

Nasser Oumer

20+ years in cybersecurity · ISO 42001 Lead Auditor · ISO 27001

About · LinkedIn

Last updated: March 4, 2026. ← Back to blog