OpenClaw Security: Prevent Prompt Injection & Supply Chain Attacks
Blog post from Deepinfra
In 2026, DeepInfra highlighted significant security concerns surrounding OpenClaw, an AI agent runtime whose architecture left it exposed to prompt injection and supply chain attacks. Despite patches, the core issue remained unresolved: OpenClaw's design has no mechanism to distinguish trusted from untrusted inputs, which leaves it susceptible to indirect prompt injection. The ClawHavoc campaign exemplified the exploitation of these weaknesses by manipulating skills available in the ClawHub registry. DeepInfra proposed solutions such as the external wrapper NemoClaw, which places security controls outside the agent process and so offers a more robust defense against such attacks. By running an isolated inference service, using DeepInfra's open-weight models, and applying a layered security approach, organizations can better protect OpenClaw deployments from these threats.