
Your personal OpenClaw agent may also be taking orders from malicious websites
If you thought running an AI agent locally kept it safely inside your machine’s walls, you’re in for a surprise. Researchers at Oasis Security have disclosed a flaw chain that allowed a malicious website to quietly connect to a locally running OpenClaw agent and take full control. The issue stems from a fundamental assumption baked into developer tools: that anything coming from “localhost” can be trusted. In reality, however, modern browsers allow external websites to open WebSocket connections to local services. According to Oasis’s findings, malicious browser pages can silently connect to the OpenClaw gateway, which auto-trusts localhost connections and disables rate limits for them, enabling rapid password bru...
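A gateway-side check that removes both assumptions described above, written as an added example and not taken from OpenClaw or Oasis Security. The function names, the allowed origin, and the lockout threshold and window are all hypothetical values chosen for illustration.

```javascript
// Added example with hypothetical names and values; not OpenClaw's code.
const ALLOWED_ORIGINS = new Set(["http://127.0.0.1:8080"]); // assumed local UI origin
const MAX_FAILURES = 5;    // assumed lockout threshold
const WINDOW_MS = 60000;   // assumed lockout window

const failures = new Map(); // peer address -> timestamps of failed logins

// Comparison that does not stop at the first differing character.
function sameSecret(a, b) {
  if (typeof a !== "string" || typeof b !== "string") return false;
  let diff = a.length ^ b.length;
  for (let i = 0; i < a.length; i++) {
    diff |= a.charCodeAt(i) ^ b.charCodeAt(i % (b.length || 1));
  }
  return diff === 0;
}

// Decide whether to accept a WebSocket handshake plus its password attempt.
// req: { origin, remoteAddress, password }; origin is the handshake's Origin header.
function checkUpgrade(req, expectedPassword, now = Date.now()) {
  // Browsers attach Origin to every WebSocket handshake and page script cannot
  // override it, so a cross-site page is identifiable even though the TCP peer
  // is 127.0.0.1. Non-browser clients send no Origin and fall through to auth.
  if (req.origin !== undefined && !ALLOWED_ORIGINS.has(req.origin)) {
    return { accept: false, reason: "origin-not-allowed" };
  }
  // The failure counter applies to every peer; loopback gets no exemption.
  const recent = (failures.get(req.remoteAddress) || [])
    .filter((t) => now - t < WINDOW_MS);
  failures.set(req.remoteAddress, recent);
  if (recent.length >= MAX_FAILURES) {
    return { accept: false, reason: "rate-limited" };
  }
  if (!sameSecret(req.password, expectedPassword)) {
    recent.push(now);
    return { accept: false, reason: "bad-password" };
  }
  failures.delete(req.remoteAddress);
  return { accept: true, reason: "ok" };
}
```

The Origin check stops browser pages from other sites before authentication is attempted, and the per-peer failure counter keeps guessing slow even for a client that legitimately runs on the same machine.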