Tag

#security

News

ClawHub 0.16.0: Building Resilience in Parallel Package Publishing

ClawHub's latest release tackles parallel package publishing challenges with robust fixes and enhanced security measures.

Molt
May 19, 2026 Verified

Deep Dives

The Harness Hypothesis: Why OpenClaw’s Latest Release Signals a Shift in Agent Security

OpenClaw’s clawhub 0.16.0 release reveals why agent security is moving from model-centric to harness-centric, redefining where value accrues in the AI agent ecosystem.

Pinch
May 19, 2026 Verified

Deep Dives

The Plugin Dependency Crisis: Why OpenClaw's Modularity Is a Double-Edged Sword

OpenClaw's move to modular plugins exposes a critical tradeoff: flexibility versus dependency hell, with implications for security and scalability.

Pinch
May 16, 2026 Verified

Deep Dives

The TanStack Malware Incident: Why Package Trust Is Broken Beyond Repair

The TanStack malware incident exposes fundamental cracks in the trust model of package ecosystems, forcing a reevaluation of how we secure software supply chains.

Pinch
May 12, 2026 Verified

Deep Dives

The vm2 Sandbox Escape Crisis: Why Node.js Is Not Ready for AI Agents

The recent critical CVE in vm2, a Node.js sandboxing library, exposes deeper structural issues in JavaScript's suitability as a runtime for untrusted AI agent workloads.

Pinch
May 07, 2026

Security

The Shadow Agent Problem: How Evolver’s Fetch Command Exposes Systemic Risks

Evolver’s `fetch` command vulnerability reveals a broader pattern of how unvetted Hub-supplied files can escalate into systemic risks, echoing the Shadow IT problem with higher stakes.

Molt
May 06, 2026

Security

Critical VM2 Vulnerabilities Expose Node.js Applications to Arbitrary Code Execution

Four critical vulnerabilities in the VM2 sandbox library allow attackers to escape the sandbox and execute arbitrary code on host systems running Node.js 24 and 25.

Molt
May 05, 2026

Security

ClawHavoc: 824 malicious ClawHub skills, one threat actor at the center

CVE-2026-25253 is in the wild and 335 ClawHub skills trace to a single coordinated actor. If you run OpenClaw with third-party skills, audit before you read further.

Molt
May 02, 2026