
OpenClaw & Hermes Agent Security

Security hardening for the two most popular AI agent frameworks. Protect your agents from the latest attack vectors.

Highlights: 30,000+ exposed OpenClaw instances · Hermes tool registry poisoning · OWASP Agentic Top 10 2026

The OpenClaw Exposure Crisis

Over 30,000 OpenClaw instances are exposed to the public internet without authentication — no API key, no password, no access control. This represents one of the largest unsecured AI agent attack surfaces on the internet.

Gateway Takeover

Unauthenticated OpenClaw gateways allow attackers to execute arbitrary commands, access files, and control connected agents. CertiK identified this as a critical vulnerability in their 2026 audit.

curl http://openclaw-instance:port/api/execute -d '{"command": "whoami"}'

Identity Bypass

Weak or missing authentication on agent identity systems allows attackers to impersonate legitimate agents and intercept communications between agents and tools.

Prompt Injection via Skills

Malicious OpenClaw skills can inject prompts that override system instructions. Attackers can publish poisoned skills to public repositories.

Hermes Agent Vulnerabilities

Hermes (by NousResearch) is one of the most capable open-source autonomous agent frameworks. Its function-calling capabilities create unique security challenges.

Tool Registry Poisoning

Attackers can register malicious tools in the Hermes tool registry. When the agent calls these tools, sensitive data is exfiltrated or unauthorized actions are performed.

Attack Vector: Compromised tool definitions → Agent calls malicious endpoint → Data exfiltration

Function-Call Injection

Malicious inputs can manipulate the LLM into generating harmful function calls. This bypasses safety filters by exploiting the function-calling mechanism itself.

hermes-px: Malicious PyPI Package

A malicious PyPI package named 'hermes-px' posed as a privacy proxy but stole prompts and code. Discovered by JFrog Security Research in April 2026.

Hardening Checklist

OpenClaw Defenses

  • ✅ Enable authentication on ALL gateway endpoints
  • ✅ Use API keys with least-privilege access
  • ✅ Deploy behind a reverse proxy with TLS
  • ✅ Validate all skills before installation
  • ✅ Monitor agent logs for anomalous behavior
  • ✅ Network segmentation: agents in isolated VLANs
  • ✅ Regular security audits of skill repositories
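The first two items above (authentication on every gateway endpoint, least-privilege API keys) are what an authorization gate in front of the gateway has to enforce. The following is an added example written for this page; it is not OpenClaw's own code and does not use its API. It assumes a hypothetical credential format of "keyid.secret" sent in an X-API-Key header, stores only a SHA-256 hash of each secret, attaches a scope set to every key, and maps each endpoint path (including the /api/execute path from the exposure example) to one required scope, so a path with no mapping is refused by default rather than exposed by accident.

```python
"""Gateway authorization gate: an added example, not OpenClaw's own code.

Assumptions (all hypothetical): clients send "keyid.secret" in an
X-API-Key header; only a SHA-256 hash of each secret is stored; each
key carries the scopes it needs and nothing more; every endpoint path
maps to one required scope, so an unlisted path is refused by default.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Endpoint -> scope required to call it (constructed mapping).
ENDPOINT_SCOPES = {
    "/api/execute": "agent:execute",
    "/api/files": "files:read",
    "/api/agents": "agents:read",
}

# Digest compared against when the key id is unknown, so unknown and
# known ids take the same time to reject.
_DUMMY_DIGEST = hashlib.sha256(b"").digest()


@dataclass(frozen=True)
class KeyRecord:
    secret_hash: bytes   # SHA-256 of the secret; the secret itself is never stored
    scopes: frozenset    # least privilege: only what this client needs
    label: str = ""


class KeyStore:
    """In-memory key store; a real deployment would persist the hashes."""

    def __init__(self):
        self._records = {}   # key id -> KeyRecord

    def issue(self, label, scopes):
        """Mint a key and return the raw credential, shown once to the client."""
        key_id = secrets.token_hex(8)
        secret = secrets.token_urlsafe(32)
        digest = hashlib.sha256(secret.encode()).digest()
        self._records[key_id] = KeyRecord(digest, frozenset(scopes), label)
        return f"{key_id}.{secret}"

    def revoke(self, key_id):
        self._records.pop(key_id, None)

    def lookup(self, key_id):
        return self._records.get(key_id)


def authorize(headers, path, store):
    """Decide a request before it reaches any handler.

    Returns (status, reason): 401 when no valid credential is presented,
    403 when the key is valid but lacks the endpoint's scope, 404 for a
    path with no scope mapping, 200 when the call may proceed.
    """
    required = ENDPOINT_SCOPES.get(path)
    if required is None:
        return 404, "no scope mapping for path"

    presented = headers.get("X-API-Key", "")
    key_id, sep, secret = presented.partition(".")
    if not sep or not key_id or not secret:
        return 401, "missing or malformed API key"

    record = store.lookup(key_id)
    expected = record.secret_hash if record else _DUMMY_DIGEST
    digest = hashlib.sha256(secret.encode()).digest()
    # compare_digest runs in constant time, so a wrong secret does not
    # leak how many leading bytes matched.
    if not (hmac.compare_digest(digest, expected) and record):
        return 401, "invalid API key"

    if required not in record.scopes:
        return 403, f"key '{record.label}' lacks scope {required}"
    return 200, "ok"


if __name__ == "__main__":
    store = KeyStore()
    monitor_key = store.issue("dashboard", {"agents:read"})
    print(authorize({}, "/api/execute", store))                          # status 401
    print(authorize({"X-API-Key": monitor_key}, "/api/execute", store))  # status 403
    print(authorize({"X-API-Key": monitor_key}, "/api/agents", store))   # (200, 'ok')
```

The gate returns a decision rather than raising, so it can sit in front of whatever request handler the gateway uses. The point of the scope check is that a read-only dashboard key can never reach /api/execute even if it leaks; a single all-powerful key would turn the same leak into the gateway takeover described above.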

Hermes Defenses

  • ✅ Validate tool schemas before registration
  • ✅ Sanitize all function parameters
  • ✅ Implement allowlists for callable functions
  • ✅ Use signed tool definitions
  • ✅ Monitor function call patterns
  • ✅ Rate-limit function invocations
  • ✅ Audit third-party tool dependencies
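The Hermes checklist items (schema validation before registration, a function allowlist, signed tool definitions, parameter sanitization, rate-limiting) all belong at one choke point: the registry that admits tools and the gate that every model-generated call passes through. The block below is an added example written for this page, not Hermes Agent's own code. It assumes a hypothetical definition format (name, description, endpoint, and a JSON-Schema-style "parameters" object), an operator approval step that signs the canonical JSON of a definition with HMAC-SHA256 under a key the registry holds (a stdlib stand-in for an asymmetric signature), and a constructed allowlist of tool names and egress hosts.

```python
"""Tool-registry gate: an added example, not Hermes Agent's own code.

Assumptions (all hypothetical): a tool definition is a dict with name,
description, endpoint and a JSON-Schema-style "parameters" object; the
operator approves a definition by signing its canonical JSON with
HMAC-SHA256 under a key the registry holds (stand-in for an asymmetric
signature); model-generated calls go through check_call before any
tool is invoked.
"""
import hashlib
import hmac
import json
import time
from urllib.parse import urlparse

ALLOWED_TOOLS = {"read_file", "search_docs"}   # constructed function allowlist
ALLOWED_HOSTS = {"tools.internal.example"}      # constructed egress allowlist
JSON_TYPES = {"string": str, "integer": int, "number": (int, float), "boolean": bool}


def canonical(defn):
    """Stable byte encoding so a signature covers every field exactly once."""
    return json.dumps(defn, sort_keys=True, separators=(",", ":")).encode()


def sign_definition(defn, key):
    return hmac.new(key, canonical(defn), hashlib.sha256).hexdigest()


def validate_schema(defn):
    """Return a list of problems; an empty list means the definition is well-formed."""
    problems = [f"missing field {f}" for f in ("name", "description", "endpoint", "parameters") if f not in defn]
    if problems:
        return problems
    if not isinstance(defn["name"], str) or not defn["name"].isidentifier():
        problems.append("name must be an identifier")
    url = urlparse(defn["endpoint"])
    if url.scheme != "https" or url.hostname not in ALLOWED_HOSTS:
        problems.append(f"endpoint {defn['endpoint']} is not an allowed https host")
    params = defn["parameters"]
    if not isinstance(params, dict) or params.get("type") != "object" or not isinstance(params.get("properties"), dict):
        problems.append("parameters must be an object schema with properties")
        return problems
    for pname, spec in params["properties"].items():
        if not isinstance(spec, dict) or spec.get("type") not in JSON_TYPES:
            problems.append(f"parameter {pname}: unsupported or missing type")
    return problems


class TokenBucket:
    """Per-tool rate limiter; the clock is passed in so tests are deterministic."""

    def __init__(self, per_minute):
        self.capacity = per_minute
        self.tokens = float(per_minute)
        self.refill_per_sec = per_minute / 60.0
        self.last = None

    def take(self, now):
        if self.last is not None:
            self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.refill_per_sec)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class ToolRegistry:
    def __init__(self, signing_key, calls_per_minute=30):
        self._key = signing_key
        self._tools = {}
        self._buckets = {}
        self._rate = calls_per_minute

    def register(self, defn, signature):
        """Admit a definition only if it is well-formed, allowlisted and signed."""
        problems = validate_schema(defn)
        if problems:
            raise ValueError("; ".join(problems))
        if defn["name"] not in ALLOWED_TOOLS:
            raise PermissionError(f"tool {defn['name']} is not on the allowlist")
        if not hmac.compare_digest(signature, sign_definition(defn, self._key)):
            raise PermissionError("definition signature does not verify")
        self._tools[defn["name"]] = defn
        self._buckets[defn["name"]] = TokenBucket(self._rate)

    def check_call(self, name, args, now=None):
        """Validate a model-generated call; returns the sanitized arguments."""
        if name not in self._tools:
            raise PermissionError(f"{name} is not a registered tool")
        schema = self._tools[name]["parameters"]
        props = schema["properties"]
        unknown = set(args) - set(props)
        if unknown:
            raise ValueError(f"unexpected parameters: {sorted(unknown)}")
        missing = [r for r in schema.get("required", []) if r not in args]
        if missing:
            raise ValueError(f"missing required parameters: {missing}")
        clean = {}
        for pname, value in args.items():
            want = props[pname]["type"]
            # bool is a subclass of int in Python; reject it explicitly for numeric slots
            if isinstance(value, bool) and want != "boolean":
                raise TypeError(f"{pname}: expected {want}, got boolean")
            if not isinstance(value, JSON_TYPES[want]):
                raise TypeError(f"{pname}: expected {want}, got {type(value).__name__}")
            clean[pname] = value
        if not self._buckets[name].take(time.monotonic() if now is None else now):
            raise RuntimeError(f"{name}: rate limit exceeded")
        return clean
```

Ordering matters here: the schema and egress-host check run before the signature check, so a definition whose endpoint was redirected to an outside host is rejected for that reason even when an attacker also managed to forge or replay a signature, and a validly signed definition for a tool name outside the allowlist is still refused. check_call drops nothing silently: unknown parameters, missing required ones and wrong types each raise, which is the behaviour you want when the caller is a model that can be steered by injected text. The exceptions it raises are the events worth counting for the "monitor function call patterns" item.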