One Step Away From a Massive Data Breach: What We Found Inside MoltBot - OX Security
The AI personal assistant MoltBot (OpenClaw) stores credentials and API keys in cleartext under `~/.clawdbot`, and secrets the user has "deleted" still persist in backup files, so any infostealer running as that user can harvest them. The codebase also shows numerous insecure patterns, including widespread use of `eval` and `execSync` on user-controlled input, which can lead to Remote Code Execution (RCE), cross-site scripting (XSS) and a broader data breach affecting its hundreds of thousands of users.
Source: Original Report ↗