THE WIND TUNNEL
By Oginome · 25 min read

OpenClaw: 7,617 Files, 250K Stars, and 8 CVEs

A Source Code Investigation of the Fastest-Growing AI Agent Framework

Methodology

This investigation is based on a complete source code review of OpenClaw's GitHub repository (7,617 files, depth-1 clone of commit 2026.3.3). No code was executed. Findings were cross-referenced with 20+ external sources including CVE databases, vendor security reports, and academic research.

Risk Assessment

- Security: 8 CVEs in 3 months. 135K+ instances exposed to the internet. 824+ malicious skills in the marketplace.
- Stability: Founder left for OpenAI. 14-day hypergrowth outpaced security investment. Architecture is solid but battle-scarred.
- Capability: Genuinely impressive engineering. Hybrid memory, formal verification (TLA+), 22+ messaging integrations.

By the Numbers

- 250K+ GitHub stars
- 7,617 source files
- 8 CVEs
- 135K exposed instances

Should You Use OpenClaw?

1. Security track record is unacceptable for enterprise

ClawJacked (CVSS 8.8) allowed remote WebSocket hijacking. Default configuration exposed 135,000+ instances to the open internet. The ClawHavoc campaign planted 824+ malicious skills in ClawHub, with 36% containing prompt injection vectors.

2. Founder departure creates leadership uncertainty

Peter Steinberger joined OpenAI in February 2026, barely three months after launch. Open source projects can survive founder departure, but the timing—mid-security crisis—is concerning.

3. The architecture is impressive but the attack surface is vast

22+ messaging channel integrations mean 22+ attack vectors. The skill marketplace (ClawHub) is a supply chain attack surface. Every integration point is a potential vulnerability.

Timeline

- Oct 2025: OpenClaw launches as an open-source AI agent framework
- Nov 2025: 190K GitHub stars in 14 days, the fastest growth in GitHub history
- Dec 2025: CVE-2026-25253 (ClawJacked), CVSS 8.8, WebSocket hijacking
- Jan 2026: ClawHavoc: 824+ malicious skills discovered in ClawHub
- Jan 2026: 135K+ exposed instances found via Censys/Shodan scans
- Feb 2026: Peter Steinberger joins OpenAI
- Mar 2026: Community-led security hardening in progress

Bottom Line

Impressive engineering. Unacceptable risk for enterprise use.

OpenClaw proves massive demand for personal AI agents. But the gap between “technically possible” and “enterprise ready” remains wide. Watch the project. Don't deploy it in production. Yet.

AI-assisted research & writing · Human editorial decisions · Source code analysis by Ogino