About ClawSploit
Open-source OpenClaw vulnerability scanner and security audit framework.
What Is ClawSploit?
ClawSploit is a purpose-built security audit tool for OpenClaw — the open-source browser automation and orchestration platform. It identifies known CVEs, misconfigurations, insecure defaults, and exploitable weaknesses in OpenClaw deployments before attackers can.
Every scan runs entirely on your local machine. No telemetry, no cloud dependencies, no data exfiltration. You own every byte of your scan results.
Why ClawSploit Exists
OpenClaw is powerful, but its default configuration exposes WebSocket endpoints without authentication, allows cross-origin connections, and leaks internal configuration data. Enterprises deploying OpenClaw often inherit these risks without realizing it.
ClawSploit was created to give security teams, DevOps engineers, and penetration testers a fast, reliable way to audit OpenClaw instances and generate actionable remediation reports.
Our Methodology
ClawSploit uses a two-phase scanning architecture:
- Phase 1 — Parallel Reconnaissance: Port scanning, HTTP header analysis, TLS certificate inspection, and mDNS service discovery run concurrently to build a target profile.
- Phase 2 — Sequential CVE Testing: WebSocket authentication bypass, cross-origin policy checks, configuration read/write tests, path traversal attempts, hook injection detection, and version fingerprinting run in sequence against the target.
All tests are non-destructive and read-only. ClawSploit never modifies target state, writes files, or executes arbitrary code on scanned instances.
CVE Coverage
ClawSploit maintains an actively curated database of OpenClaw-specific CVEs, including:
- CVE-2026-28363 (CVSS 9.9) — Unauthenticated Remote Code Execution via WebSocket
- CVE-2026-25253 (CVSS 8.8) — Cross-Origin WebSocket Hijacking
- CVE-2026-25593 (CVSS 9.1) — Path Traversal via Browser Debug Protocol
- Supply chain advisories (Snyk, GitHub) and named exploits (ClawJacked, ClawHavoc)
The database covers 16+ vulnerabilities across all severity levels, from critical RCE flaws to informational version disclosures.
Technical Expertise
ClawSploit is built entirely on the Node.js standard library — no heavy dependencies, no bloated frameworks. The scanner implements WebSocket frame parsing from scratch, performs raw TLS handshakes, and constructs custom HTTP probes for precise vulnerability detection.
Key technical details:
- 10 specialized scanner modules covering all known OpenClaw attack surfaces
- Real-time progress streaming via Server-Sent Events (SSE)
- Self-contained HTML report generation with embedded styles
- Mock server with configurable vulnerability flags for safe testing
- MIT licensed — fully open-source and auditable
Who Should Use ClawSploit
- Security teams performing internal audits of OpenClaw deployments
- Penetration testers assessing OpenClaw as part of broader engagements
- DevOps engineers validating OpenClaw configuration before production deployment
- Security researchers studying OpenClaw's attack surface
Responsible Disclosure
ClawSploit is intended exclusively for authorized security testing. Always obtain proper authorization before scanning any system you do not own. If you discover a new vulnerability in OpenClaw, we encourage responsible disclosure through the OpenClaw project's security policy.