1-Click RCE To Steal Your Moltbot Data and Keys
Summary
DepthFirst reveals a critical 1-Click Remote Code Execution vulnerability in OpenClaw, detailing how insecure gateway URL handling, unvalidated WebSocket origins, and default safety configurations can leak tokens and enable arbitrary code execution. The post walks through the exploit chain, discusses mitigations, and references a patch advisory and token-rotation guidance.