Beyond the Hype: Moltbot’s Real Risk Is Exposed Infrastructure, Not AI Superintelligence

SecurityScorecard’s STRIKE team reports tens of thousands of internet-exposed OpenClaw (formerly Moltbot/Clawdbot) instances—many running vulnerable versions and indexed via favicon fingerprinting—with 15.2K instances flagged as RCE-vulnerable, three high-severity CVEs with public exploits, widespread leaked credentials on GitHub, and correlations to prior breach activity; the report outlines the attack chain, concrete impacts of agent compromise (full filesystem, credentials, impersonation), and prioritized mitigations including patching, localhost binding, key rotation, and zero-trust access.