OpenClaw Agent Exposes Systemwide ClawJacked Vulnerability

Oasis Security researchers on March 2, 2026 disclosed a new vulnerability in the OpenClaw autonomous AI agent, dubbed "ClawJacked", that lets malicious websites silently take full control of a developer's local system and exfiltrate data. The flaw affects local web integrations of OpenClaw and underscores urgent needs for sandboxing, patches, and stricter browser-agent isolation to protect developer environments.