Overview
OpenClaw became the most-installed self-hosted agent of late 2025 / early 2026, peaking around 135,000 installs. The January 2026 security crisis (CVE-2026-25253 et al.) triggered a transfer to a Linux Foundation-hosted foundation and a substantial security overhaul. The 2026.4 line ships with the sandbox on, encrypted credentials, and an authenticated dashboard. The plugin ecosystem is the largest in the category.
Quick verdict
Best for
- Existing OpenClaw deployments with custom plugins
- Teams already trained on the OpenClaw model
- Agents that need the largest plugin marketplace
Not for
- New deployments — Hermes Agent is the easier on-ramp
- Pre-2026.3 hosts that haven't migrated (assume compromise)
- Strict no-cloud requirements (use ZeroClaw)
Security posture
| Sandbox by default | yes |
| Auth on dashboard | yes |
| Threat model documented | yes |
| Multi-LLM support | yes |
| CVEs disclosed (lifetime) | 17 |
| CVEs open right now | 1 |
Links
- Homepage: https://openclaw.io
- Repository: https://github.com/openclaw/openclaw
OpenClaw security advisories (7)
- CVE-2026-25898: credential leak via verbose error logs (2026-04-22)
- CVE-2026-22807: prompt-injection-resistant audit log incomplete (2026-04-18)
- CVE-2026-23912: tool description spoofing across implementations (2026-04-03)
- CVE-2026-24891: path traversal in file tool (2026-03-17)
- CVE-2026-25712: auth bypass via WebSocket downgrade (2026-02-21)
- CVE-2026-25103: credential storage in plaintext on disk (2026-02-04) · ⚠ in wild
Stats refreshed continuously from public sources (GitHub API, NVD CVE feed, CISA KEV, project releases). See our methodology for the full tracking pipeline.