OpenClaw或OpenFlaw：OpenClaw生态系统威胁评估

February 11, 2026 Table of contents The Genesis of Agentic Risk: Evolution, Identity, and the "Vibe Coding" Crisis............................. 5 The Clawdbot Era: Functionality Over Security............................................................................................................ 5The Moltbot Transition and the Security Vacuum..................................................................................................... 5The Emergence of OpenClaw and "Vibe Coding"...................................................................................................... 6 Critical Design Flaws: The "Lethal Trifecta".......................................................................................... 8 The Local-First Runtime Risks................................................................................................................................................... 8The "Lethal Trifecta" Realized.................................................................................................................................................... 8Persistent Memory and Time-Shifted Attacks..............................................................................................................9The "OpenClaw Paradox"............................................................................................................................................................. 9The "Shadow AI" Enterprise Infiltration.............................................................................................................................. 10 The WebSocket Hijack (One-Click RCE) - CVE-2026-25253.............................................................................. 11Remote Command Injection in Docker Container - CVE-2026-24763...................................................... 11The "Exposed Instance" Epidemic.........................................................................................................................................12 The Supply Chain Vector: ClawHub and "ClawHavoc"..................................................................... 13 The Anatomy of a Malicious Skill.......................................................................................................................................... 13Case Study: The "ClawHavoc" Campaign...................................................................................................................... 13The VirusTotal Integration Paradox.................................................................................................................................... 14 The Moltbook Deception: A Simulated Civilization............................................................................15 Security Failure leads to Massive Data Leakage.......................................................................................................15The "Yellow Pages" for Threat Actors..................................................................................................................................16The "Church of Molt".......................................................................................................................................................................16Encrypted Channels and Covert Ops............................................................................................................................... 16 Economic and Physical Threats: MoltRoad and Rentahuman.ai....................................................17 MoltRoad: The Decentralized Darknet............................................................................................................................... 17Rentahuman.ai: The "Reverse Gig Economy" Risks.................................................................................................. 18 MoltBunker: The Persistence Layer...................................................................................................................................... 19ClawCity and ClawLove..............................................................................................................................................................19 Vulnerabilities Exploitation.......................................................................................................................................................20Scanning for OpenClaw.............................................................................................................................................................22OpenClaw and its Ecosystem as a Supply Chain Threat...................................................................................24Conclusion.......................................................................................................................................................................................... 25 Executive Summary The rapid emergence of the OpenClaw ecosystem - encom