[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"article-openclaw-135000-star-saas-security-crisis-zh":3,"article-related-openclaw-135000-star-saas-security-crisis-zh":30,"series-industry-5e307407-6df6-4673-8eef-2164076e5934":77},{"id":4,"slug":5,"title":6,"content":7,"summary":8,"source":9,"source_url":10,"author":11,"image_url":12,"cover_image":12,"category":13,"language":14,"translated_content":11,"related_article_id":15,"keywords":16,"key_takeaways":22,"views":26,"created_at":27,"published_at":28,"topic_cluster_id":29},"5e307407-6df6-4673-8eef-2164076e5934","openclaw-135000-star-saas-security-crisis-zh","OpenClaw 13.5 萬星後爆出 SaaS 安全危機","\u003Cp data-speakable=\"summary\">\u003Ca href=\"\u002Ftag\u002Fopenclaw\">OpenClaw\u003C\u002Fa> 衝上 13.5 萬 \u003Ca href=\"\u002Ftag\u002Fgithub\">GitHub\u003C\u002Fa> stars 後，接連爆出惡意 skills、外洩實例與 token 風險。\u003C\u002Fp>\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fpetersteinberger\u002Fopenclaw\" target=\"_blank\" rel=\"noopener\">OpenClaw\u003C\u002Fa> 是由 Peter Steinberger 開源的 \u003Ca href=\"\u002Ftag\u002Fai-agent\">AI agent\u003C\u002Fa>，短時間內星標數破 13.5 萬。\u003Ca href=\"https:\u002F\u002Fwww.reco.ai\u002F\" target=\"_blank\" rel=\"noopener\">Reco\u003C\u002Fa> 在 2 月 12 日的分析指出，這類 agent 一旦拿到檔案、郵件、行事曆與訊息\u003Ca href=\"\u002Fnews\u002Fmcp-servers-ai-workflows-explained-zh\">工具\u003C\u002Fa>權限，原本的效率工具就會變成高風險攻擊面。\u003C\u002Fp>\u003Ctable>\u003Cthead>\u003Ctr>\u003Cth>項目\u003C\u002Fth>\u003Cth>數值\u003C\u002Fth>\u003C\u002Ftr>\u003C\u002Fthead>\u003Ctbody>\u003Ctr>\u003Ctd>GitHub stars\u003C\u002Ftd>\u003Ctd>135,000+\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>Malicious skills found\u003C\u002Ftd>\u003Ctd>341\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>Total skills registry\u003C\u002Ftd>\u003Ctd>2,857\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>Exposed internet instances\u003C\u002Ftd>\u003Ctd>21,639\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>Leaked email addresses\u003C\u002Ftd>\u003Ctd>35,000\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>Leaked agent API tokens\u003C\u002Ftd>\u003Ctd>1.5 million\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>CVSS score\u003C\u002Ftd>\u003Ctd>8.8\u003C\u002Ftd>\u003C\u002Ftr>\u003C\u002Ftbody>\u003C\u002Ftable>\u003Ch2>發生了什麼\u003C\u002Fh2>\u003Cp>OpenClaw 原名 Clawdbot、後改為 Moltbot，能在本機跑，並串接 \u003Ca href=\"\u002Ftag\u002Fclaude\">Claude\u003C\u002Fa>、GPT 等模型。它可執行 shell 指令、讀寫檔案、瀏覽網頁、寄信、管行事曆，還會保留跨次\u003Ca href=\"\u002Fnews\u002Fclaude-sonnet-46-sre-benchmark-rootly-zh\">工作\u003C\u002Fa>階段的記憶。\u003C\u002Fp>\n\u003Cfigure class=\"my-6\">\u003Cimg src=\"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782771466079-ukkv.png\" alt=\"OpenClaw 13.5 萬星後爆出 SaaS 安全危機\" class=\"rounded-xl w-full\" loading=\"lazy\" \u002F>\u003C\u002Ffigure>\n\u003Cp>這種高權限設計很快就被盯上。Reco 指出，OpenClaw 爆紅後兩週內就出現一串事件：\u003C\u002Fp>\u003Cul>\u003Cli>1 月 27 日至 29 日，攻擊者透過 ClawHub 上架 335 個惡意 skills。\u003C\u002Fli>\u003Cli>後續統計顯示，2,857 個 skills 中有 341 個惡意項目，約占 12%。\u003C\u002Fli>\u003Cli>1 月 30 日，OpenClaw 修補 CVE-2026-25253，一鍵遠端程式執行漏洞。\u003C\u002Fli>\u003Cli>1 月 31 日，Censys 發現 21,639 個暴露在網路上的實例。\u003C\u002Fli>\u003Cli>1 月 31 日，Moltbook 外洩 35,000 個 email 與 150 萬組 agent API tokens。\u003C\u002Fli>\u003Cli>2 月 3 日，OpenClaw 再揭露 3 項高影響公告，包含 2 個 command-injection 漏洞。\u003C\u002Fli>\u003C\u002Ful>\u003Cp>問題不只是一個漏洞，而是 marketplace 信任、本機暴露與代理權限疊在一起。只要一個惡意連結或 skill 被執行，就可能在幾秒內觸發程式碼執行與資料存取。\u003C\u002Fp>\u003Ch2>為什麼重要\u003C\u002Fh2>\u003Cp>對企業來說，\u003Ca href=\"\u002Fnews\u002Fllm-wikis-beat-raw-rag-knowledge-work-zh\">真正的\u003C\u002Fa>風險是 shadow AI。員工可能把個人 agent 接上 Slack、\u003Ca href=\"\u002Ftag\u002Fgoogle\">Google\u003C\u002Fa> Workspace、Email 或文件系統，卻沒有經過安全審查，OAuth token 和資料也可能在被入侵後延續可用。\u003C\u002Fp>\n\u003Cfigure class=\"my-6\">\u003Cimg src=\"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782771461558-z8n4.png\" alt=\"OpenClaw 13.5 萬星後爆出 SaaS 安全危機\" class=\"rounded-xl w-full\" loading=\"lazy\" \u002F>\u003C\u002Ffigure>\n\u003Cp>這讓傳統防護變得不夠用。端點工具只看到程序，網路工具只看到 API 流量，身分系統只看到授權，但都不擅長把 autonomous agent 當成獨立風險類別來看。安全團隊若看不到 agent 連線、權限與 app-to-app 活動，就很難在事故前攔下它。\u003C\u002Fp>\u003Cp>OpenClaw 不是單一案例，而是提醒：AI agent 拿到 SaaS 權限的速度，已經快過多數企業建立可視性的速度。\u003C\u002Fp>","OpenClaw 在 GitHub 衝上 13.5 萬星後，短時間內接連出現惡意 skills、暴露實例與 token 外洩，凸顯 AI agent 正快速放大 SaaS 風險。","www.reco.ai","https:\u002F\u002Fwww.reco.ai\u002Fblog\u002Fopenclaw-the-ai-agent-security-crisis-unfolding-right-now",null,"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782771466079-ukkv.png","industry","zh","08cd2ab1-2a2c-4ab6-ab51-4b16a0fed4ab",[17,18,19,20,21],"OpenClaw","AI agent","SaaS security","OAuth token","shadow AI",[23,24,25],"高權限 AI agent 會把 SaaS 工具鏈變成攻擊面。","市場上的 skills 與本機暴露面，會放大供應鏈與 RCE 風險。","企業需要直接監看 agent 權限與 app-to-app 活動。",4,"2026-06-29T22:17:15.984161+00:00","2026-06-29T22:17:15.956+00:00","caa87b65-9bbc-46fe-bba8-4f4158dd2d8b",{"tags":31,"relatedLang":36,"relatedPosts":40},[32,34],{"name":17,"slug":33},"openclaw",{"name":18,"slug":35},"ai-agent",{"id":15,"slug":37,"title":38,"language":39},"openclaw-135000-star-saas-security-crisis-en","135,000-star OpenClaw hits SaaS security crisis","en",[41,47,53,59,65,71],{"id":42,"slug":43,"title":44,"cover_image":45,"image_url":45,"created_at":46,"category":13},"45eef4b4-fff9-4bbc-9860-a3820395f5c9","webx-2026-speaker-lineup-conference-brief-zh","WebX 2026 把聲量拆成會議簡報","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1783928000041-ukar.png","2026-07-13T07:32:54.333855+00:00",{"id":48,"slug":49,"title":50,"cover_image":51,"image_url":51,"created_at":52,"category":13},"61a27712-a243-481e-9a47-fa84f552ac36","ai-weekly-2026-w29-zh","AI 週報：2026-07-06 ~ 2026-07-13","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1783916422596-zvn0.png","2026-07-13T04:00:33.233975+00:00",{"id":54,"slug":55,"title":56,"cover_image":57,"image_url":57,"created_at":58,"category":13},"9ca76a1c-f59b-4633-9d7e-45a1ce18495d","ai-act-europe-operating-system-ai-zh","AI Act 應被視為歐洲 AI 的作業系統","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1783902767441-90pc.png","2026-07-13T00:32:21.395542+00:00",{"id":60,"slug":61,"title":62,"cover_image":63,"image_url":63,"created_at":64,"category":13},"39624a31-f79e-444f-9850-cabad1885429","booz-allen-openai-deal-real-ai-advantage-zh","Booz Allen 的 OpenAI 合作是真優勢，不是噱頭","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1783900966921-i3t0.png","2026-07-13T00:02:18.55857+00:00",{"id":66,"slug":67,"title":68,"cover_image":69,"image_url":69,"created_at":70,"category":13},"d1753385-8c03-4dec-b939-e5ca8bae9030","opensearch-vector-search-benchmark-5-parts-zh","OpenSearch 向量搜尋基準的 5 種跑法","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1783850566022-b79s.png","2026-07-12T10:02:22.269045+00:00",{"id":72,"slug":73,"title":74,"cover_image":75,"image_url":75,"created_at":76,"category":13},"6e790897-c9af-402c-a928-f2b0cc02f4e6","vector-databases-work-in-production-zh","4 種能上線的向量資料庫選擇","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1783846963245-35py.png","2026-07-12T09:02:23.058273+00:00",[78,83,88,93,98,103,108,113,118,123],{"id":79,"slug":80,"title":81,"created_at":82},"ee073da7-28b3-4752-a319-5a501459fb87","ai-in-2026-what-actually-matters-now-zh","2026 AI 真正重要的事","2026-03-26T07:09:12.008134+00:00",{"id":84,"slug":85,"title":86,"created_at":87},"83bd1795-8548-44c9-9a7e-de50a0923f71","trump-ai-framework-power-speech-state-preemption-zh","川普 AI 框架瞄準電力、言論與州權","2026-03-26T07:12:18.695466+00:00",{"id":89,"slug":90,"title":91,"created_at":92},"ea6be18b-c903-4e54-97b7-5f7447a612e0","nvidia-gtc-2026-big-ai-announcements-zh","NVIDIA GTC 2026 重點拆解","2026-03-26T07:14:26.62638+00:00",{"id":94,"slug":95,"title":96,"created_at":97},"4bcec76f-4c36-4daa-909f-54cd702f7c93","claude-users-spreading-out-and-getting-better-zh","Claude 用戶更分散，也更會用","2026-03-26T07:22:52.325888+00:00",{"id":99,"slug":100,"title":101,"created_at":102},"bd903b15-2473-4178-9789-b7557816e535","openclaw-raises-hard-question-for-ai-models-zh","OpenClaw 逼問 AI 模型價值","2026-03-26T07:24:54.707486+00:00",{"id":104,"slug":105,"title":106,"created_at":107},"eeac6b9e-ad9d-4831-8eec-8bba3f9bca6a","gap-google-gemini-checkout-fashion-search-zh","Gap 把結帳搬進 Gemini","2026-03-26T07:28:23.937768+00:00",{"id":109,"slug":110,"title":111,"created_at":112},"0740e53f-605d-4d57-8601-c10beb126f3c","google-pushes-gemini-transition-to-march-2026-zh","Google 把 Gemini 轉換延到 2026 年 3…","2026-03-26T07:30:12.825269+00:00",{"id":114,"slug":115,"title":116,"created_at":117},"e660d801-2421-4529-8fa9-86b82b066990","metas-llama-4-benchmark-scandal-gets-worse-zh","Meta Llama 4 分數風波又擴大","2026-03-26T07:34:21.156421+00:00",{"id":119,"slug":120,"title":121,"created_at":122},"183f9e7c-e143-40bb-a6d5-67ba84a3a8bc","accenture-mistral-ai-sovereign-enterprise-deal-zh","Accenture 攜手 Mistral AI 賣主權 AI","2026-03-26T07:38:14.818906+00:00",{"id":124,"slug":125,"title":126,"created_at":127},"191d9b1b-768a-478c-978c-dd7431a38149","mistral-ai-faces-its-hardest-year-yet-zh","Mistral AI 迎來最硬的一年","2026-03-26T07:40:23.716374+00:00"]