360 Uncovers Three Critical Vulnerabilities in OpenClaw: Is Your AI Agent Safe in the Agent Era?
360’s security team discovered three high-value vulnerabilities in OpenClaw using an AI multi-agent collaboration system. The MEDIA protocol Prompt injection can bypass all tool permissions, affecting 170,000+ instances globally. Over 340 malicious plugins are spreading on ClawHub - enterprises and developers should upgrade immediately and audit installed plugins.