Cybersecurity company Minimus has developed a version of OpenClaw, formerly known as MoltBot, that reduces the number of security vulnerabilities in the popular tool from thousands to just a handful. The company created a hardened, minimal container image of the tool that retains all the features of the original release while eliminating 99% of its security vulnerabilities and is making it available free of charge.
OpenClaw is an open-source tool launched several weeks ago. It enables organizations and individual users to run an AI agent within their own work environment, without relying on an external cloud service. The tool connects advanced language models with everyday applications such as WhatsApp, Slack, Telegram, and Discord, allowing the AI agent to read messages, respond, take actions, and even access internal systems - all from a local infrastructure controlled by the organization. The last version even has an Apple watch MVP allowing you to receive OpenClaw notifications directly on your wrist.
The tool quickly gained strong popularity within the developer and open source software communities, mainly due to three key advantages: it is free, open-source (the project’s code is open to the public and anyone can contribute to it), and enables full data control. Think about it as a smart assistant that integrates with applications you are using on a daily basis, and communicates with you via your favorite messaging application. It simply can do tasks on your behalf, like reading and sending emails, booking, accessing and modifying any data you grant it access to. This raises a critical issue at a time when organizations are concerned about transferring sensitive information to third-party services.
As Artur Oleyarsh, Security Researcher at Minimus, puts it: “This marks a significant step toward an inevitable future where AI agents are becoming as common as smartphones. We’re witnessing the moment when sophisticated and complex AI assistance transitions from specialized technical deployments to everyday tools that anyone can install and use. Whether it’s managing your daily tasks and calendar, automating work, or organizing your personal life, AI agents are moving from the realm of possibility into practical reality. OpenClaw represents this transformation in action. However, with this revolution comes a sobering reality: every AI agent we invite to our lives, blindly trusting ‘plug and play’ installations, opens a new attack vector that malicious actors are already exploiting in the wild.”
Alongside its advantages, however, more than 2,000 different security vulnerabilities were identified in OpenClaw versions, introduced through third-party open-source software dependencies, some of which were classified as high/critical-risk. One reason for those severe exposures is that the project was coded using a “vibe coding” approach, in which an LLM agent performs the coding based on user instructions. Just imagine the security implications of a vibe coded project with over 700 contributors, keeping in mind that OpenClaw integrates with your favorite applications (and its data) which you’re using on a daily basis. Some of the vulnerabilities enable attacks such as malicious code execution, and user data exposure - particularly in deployments using Docker, where they could expose the user to cloud native attacks. Due to the large number of vulnerabilities, companies including Meta have prohibited employees from installing the tool. This is not science fiction, there are already observed attacks in the wild on OpenClaw instances deployed with default configuration and exposed to the public internet. Despite all the deep security concerns above, in a recent acqui-hire deal, OpenAI brought the tool’s creator on board.
The version developed by Minimus eliminates the vast majority of these vulnerabilities, contains no critical operating system–level vulnerabilities, and can include automatic security updates and ongoing support. Full details and pull instructions for the Minimus OpenClaw hardened, minimal container image are available on the company’s website.
Minimus was founded at the end of 2022 by Ben Bernstein (CEO), Dima Stopel (VP R&D), and John Morello (CTO). All three are experienced entrepreneurs who previously founded Twistlock,a cloud security company that was acquired by Palo Alto Networks in 2019 for $410 million.
Minimus’ container security platform creates secure, minimal container-like infrastructure that replaces existing components at every stage of the development process through a single change in deployment configuration files. The images are built from scratch, directly from project source code, with only the minimum software components required to run the application — dramatically reducing the attack surface.
About a year ago, the company completed one of the largest seed funding rounds in cybersecurity, raising $51 million led by YL Ventures and Mayfield, with participation from prominent cybersecurity leaders including George Kurtz, CEO of CrowdStrike; Mickey Boodaei, CEO of Transmit Security; Udi Mokady, founder of CyberArk; Assaf Rappaport, CEO of Wiz; and others.