Clawdbot Security Concerns: SlowMist Alerts API, Private Message Leakage Risks, Brave Offers 7 Tips to Reduce Risks

Viral AI Assistant Clawdbot Warned by SlowMist of Serious Security Flaws, Potentially Leading to API Key and Confidential Conversation Leaks. Experts Recommend Isolating via Sandbox Mode, Dedicated Devices, and SSH Tunnels to Prevent Risks from Autonomous Proxy Tools.

Clawdbot’s Popularity Sparks Security Alerts

Recently gaining popularity on X (formerly Twitter), the open-source AI assistant tool Clawdbot has caused a buzz in the tech community, but its potential security risks have also raised concerns.

Blockchain security firm SlowMist issued a statement earlier today (1/27) pointing out that Clawdbot’s gateway has serious exposure risks, with hundreds of unauthenticated instances publicly accessible online.

SlowMist states that the vulnerability in Clawdbot’s gateway could lead to a large-scale data breach, including Anthropic API keys, Telegram bot tokens, Slack OAuth credentials, and months of private user conversation records.

Image source: SlowMistClawdbot’s Popularity Triggers Security Warnings

Security researcher and hacker Jamieson O’Reilly explained in more detail that the main cause of exposure is misconfiguration. When users deploy Clawdbot behind reverse proxy servers like Nginx or Caddy, if trust proxy settings are not correctly configured, the system may mistakenly treat all external connections as requests from localhost, bypassing authentication.

Subsequently, hackers can exploit this vulnerability to gain full control without a password, and even execute arbitrary code (RCE) in containers running with root privileges. If your computer running Clawdbot contains sensitive information such as cryptocurrency private keys or financial credentials, there is a risk of asset theft or data leakage.

Image source: Jamieson O’ReillyJamieson O’Reilly points out that misconfigured Clawdbot can allow hackers to access API keys and other sensitive info

Brave Offers 7 Tips to Reduce Clawdbot Security Risks

In response to security concerns posed by Clawdbot, the official Brave browser team also posted recommendations advising users to take the following seven measures to mitigate risks. Note that reducing risk does not mean eliminating it entirely:

• Tip 1: Use dedicated hardware. Never run Clawdbot on your main computer storing important data. Instead, use an old computer or a virtual private server (VPS) for isolation.
• Tip 2: Use dedicated accounts. Grant Clawdbot access only to disposable email addresses or temporary phone numbers, avoiding main accounts being compromised.
• Tip 3: Set up authorization mechanisms. Configure the bot to “Ask before executing” so that high-risk actions require user confirmation, preventing accidental file deletions.
• Tip 4: Enable sandbox mode. Run Clawdbot within isolated containers to limit damage from malicious links or prompts.
• Tip 5: Use SSH tunnels. Never expose the gateway directly to the public internet; communicate with Clawdbot through encrypted SSH channels.
• Tip 6: Avoid adding the bot to groups. Adding the bot to group chats greatly increases hijacking risks; it is recommended to use it only in one-on-one conversations.
• Tip 7: Conduct regular audits. Periodically run Clawdbot’s built-in security audit tools to scan for configuration vulnerabilities and patch promptly.

The Clawdbot recommendations shared by Brave are similar to security configuration suggestions previously shared by independent developers.

• What is Clawdbot? A 5-step simple installation guide: Essential security setup before use

Clawdbot’s Power Comes with Risks, Microsoft Ventures Founder Warns

Rahul Sood, founder of Microsoft Ventures and CEO of Irreverent Labs, also issued a warning, stating that while Clawdbot is powerful—able to control browsers, read/write files, and manage communication apps like Iron Man’s Jarvis—this “full permission” design is precisely where the risk lies.

Image source: Rahul Sood, founder of Microsoft Ventures, warns of Clawdbot security risks

He emphasizes that Clawdbot is not just a simple chatbot but an autonomous agent with full system access, capable of executing arbitrary commands on the user’s computer.

Rahul Sood specifically highlights the danger of “prompt injection,” noting that if AI reads files containing hidden malicious instructions (e.g., hidden text in PDFs requesting copying SSH keys), the model may not distinguish between content and commands, potentially executing attacker commands unknowingly.

He points out that developers intentionally omit safety guards to meet advanced user needs, meaning users must accept the consequences themselves.

Sood urges users not to run such autonomous agents on devices containing banking credentials or medical records. If necessary, isolate them via dedicated machines and SSH tunnels, and do not overlook the significant risks behind the convenience of such tools.

For more on AI proxy tool risks, see:
Notion 3.0 AI Proxy Exploits Security Flaw! A PDF Can Steal Personal Data, Official Emergency Response and Controversy

AI Chaos Continues! Over 80% of Deployments Expose Security Vulnerabilities, How Alibaba Cloud Is Securing AI with AI?