INCIDENT
OpenClaw - The tweet highlights security issues with OpenClaw and
The tweet highlights security issues with OpenClaw and MCP deployments, including API keys in plaintext, lack of spend approval, and vulnerability to injection attacks.
Updated: 3/30/2026
Severity: high
Status: active
Description
Bindu Reddy: "LLMs still struggle with connectors and auth on 3rd party systems"
She's right. And here's what I see in real OpenClaw deployments:
• API keys in plaintext config files
• Auto mode with no spend approval
• Zero testing for injection attacks
MCP isn't the https://t.co/TaAZQfcxAM
Impact
The tweet highlights security issues with OpenClaw and MCP deployments, including API keys in plaintext, lack of spend approval, and vulnerability to injection attacks.
Attack Vectors
- connectors
- auth