
Six flaws found hiding in OpenClaw’s plumbing
Security researchers have uncovered six high- to critical-severity flaws affecting the open-source AI agent framework OpenClaw, popularly known as a “social media for AI agents.” The flaws were discovered by Endor Labs as its researchers ran the platform through an AI-driven static application security testing (SAST) engine designed to follow how data actually moves through the agentic AI software. The bugs span several web security categories, including server-side request forgery (SSRF), missing webhook authentication, authentication bypasses, and path traversal, and affect a complex agentic system that combines large language models (LLMs) with tool execution and external integrations. The researc...