
Critical Vulnerabilities in Clawdbot AI Agent Could Enable Cryptocurrency Theft
Security experts warn of Clawdbot's risks, including data exposure and API key leaks.
Security experts have warned about the dangers of using the AI assistant Clawdbot, which may inadvertently disclose personal data and API keys.
🚨SlowMist TI Alert🚨
Clawdbot gateway exposure identified: hundreds of API keys and private chat logs are at risk. Multiple unauthenticated instances are publicly accessible, and several code flaws may lead to credential theft and even remote code execution (RCE).
We strongly… https://t.co/j2ERoWPFnh
— SlowMist (@SlowMist_Team) January 27, 2026
“Clawdbot gateway vulnerability discovered: hundreds of API keys and private chats are at risk. Several unauthenticated instances are publicly accessible. Code flaws could lead to data theft and even remote code execution (RCE),” stated SlowMist.
The company urged the implementation of strict IP whitelisting for open ports.
Security researcher Jamison O’Reilly stated that “hundreds of people have configured their Clawdbot management servers to be publicly accessible.”
Clawdbot is an open AI assistant developed by entrepreneur Peter Steinberger. It operates locally on the user’s device and went viral over the weekend of January 24-25.
Nature of the Vulnerability
The agent’s gateway connects large language models to messaging platforms and executes commands on behalf of the user via a web interface called Clawdbot Control.
The authentication bypass vulnerability occurs when the gateway is placed behind a misconfigured reverse proxy, explained O’Reilly.
The researcher was able to easily find open servers using internet scanning tools like Shodan. He searched for characteristic “fingerprints” in the HTML code.
“Gathering information on Clawdbot Control requests took only seconds. I obtained hundreds of results using several tools,” he explained.
O’Reilly gained access to complete credentials (API keys, bot tokens, secret OAuth keys, signing keys), full chat histories across all platforms, and the ability to send messages on behalf of the user and to execute commands.
“If you use the agent’s AI infrastructure, check your configuration today. See what is actually open to the internet,” advised the expert.
Theft of Private Keys
The AI assistant can be used for more malicious purposes—such as stealing crypto assets.
Archestra AI CEO Matvey Kukuy was able to obtain a private key “in five minutes.” He sent an email to Clawdbot with a “prompt injection” attack and asked the bot to check the mail.
Drama in one screenshot:
1) Sending Clawdbot email with prompt injection
2) Asking Clawdbot to check e-mail
3) Receiving the private key from the hacked machine
… took 5 minutes
That’s why we build non-probabilistic agentic security in Archestra: https://t.co/ukhV6Z7tl1 pic.twitter.com/2d6OP7mNnv
— Matvey Kukuy (@Mkukkk) January 27, 2026
Clawdbot differs from other AI agents in that it has full system access to the user’s computer. It can read and write files, execute commands, run scripts, and control browsers.
Earlier in January, SlowMist discovered a “future attack” in the Linux store.