I think the more likely attack vector in OpenClaw is convincing it to install a malicious npm package or script, have that siphon all machine/env secrets, and then watch those secrets get abused. (Cloud API key -> crypto mining. Wallet key->theft. Npm credentials->worm publishes more copies of itself. GitHub key->more theft and malicious code upload. Email API key->IP theft and password reset on other systems) Almost all of this can be automated, so the attacker doesn’t have to know who you are.

It’s not targeted per se.

> I find it a bit irrational to pretend that open claw is a genuine security risk.

Except that it is an actual security risk, no pretending is needed. In general, agents expand the security surface and attack vectors, regardless of framework.

Your argument that it hasn't happened, therefore it doesn't exist is a well known cognitive bias.

See the Lethal Trifecta for one way in which security requires more thoughtfulness.

[dead]