1. Critical Vulnerability in OpenClaw Skill Installer Exposes LLM API Keys to Stealth Theft
A critical security flaw in OpenClaw's third-party Skill marketplace allows malicious actors to execute arbitrary shell commands on a user's system during Skill installation — without any sandbox isolation, permission prompt, or code review. The vulnerability, classified as OWASP LLM Top 10: LLM03:2025 (Supply Chain Vu...